Ray Collett wrote: > so I built a new server the other day and I'm trying to get a custom regex to > pickup on ProFTP login failures. Here's the line I added to my > denyhosts.cfg: > > USERDEF_FAILED_ENTRY_REGEX=.*proftpd.*USER (?P<user>\S+): no such user found > from.*\[(?P<host>.*)\].*:21 [snip]
The answer was given by Phil Schwartz (this list, on 9/13/07): > I believe your problem is because DenyHosts only evaluates lines that match > the > > SSHD_FORMAT_REGEX > > If it does, it then applies each of the FAILED_ENTRY_REGEX and > USERDEF_FAILED_ENTRY_REGEX regex'es against it. That is, if the line doesn't > match SSHD_FORMAT_REGEX it will be ignored completely by DH. > > You need to modify SSHD_FORMAT_REGEX to include VSFTPD. By default: > > SSHD_FORMAT_REGEX = re.compile(r""".* (sshd.*:|\[sshd\]) (?P<message>.*)""") > > You'll need to modify your denyhosts.cfg file and add: > > SSHD_FORMAT_REGEX=.* (sshd.*:|\[sshd\]|vsftpd) (?P<message>.*) Regards. -- René Berber ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
