Terry Barnum wrote: > I'm trying to block clients attempting to connect via VNC. Archive > and google searches turned up a few conversations about adding this > functionality to denyhosts but what I've done doesn't appear to be > working. I tested the python regex at <http://re-try.appspot.com/> > > Here's the line in /var/log/secure.log: > > May 25 23:28:49 machine /path/to/AppleVNCServer[12345]: > Authentication: FAILED :: User Name: N/A :: Viewer Address: > 192.168.50.1 :: Type: VNC DES > > I added the following to denyhosts.cfg: > > SSHD_FORMAT_REGEX=.* (sshd.*:|\[sshd\]|AppleVNCServer\[.*\]) > (?P<message>.*)
Try: SSHD_FORMAT_REGEX=.*( sshd.*:| \[sshd\]|AppleVNCServer.*:) (?P<message>.*) All in one line, a space precedes the last parenthesized part. > USERDEF_FAILED_ENTRY_REGEX=Authentication:\ FAILED.* > Viewer\ Address:\ (?P<host>\S+) I would try to get the user name, just in case it is available: USERDEF_FAILED_ENTRY_REGEX=Authentication: FAILED :: User Name: (?P<user>.*) :: Viewer Address: (?P<host>\S+) .* > Any pointers why this isn't working? Only your SSHD_FORMAT_REGEX looks incorrect, i.e. your log has no space before AppleVNCServer and the regex looks for one right there. -- René Berber ------------------------------------------------------------------------------ ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
