Thank you René. On Jun 11, 2010, at 3:18 PM, René Berber wrote:
> Terry Barnum wrote: > >> I'm trying to block clients attempting to connect via VNC. Archive >> and google searches turned up a few conversations about adding this >> functionality to denyhosts but what I've done doesn't appear to be >> working. I tested the python regex at <http://re-try.appspot.com/> >> >> Here's the line in /var/log/secure.log: >> >> May 25 23:28:49 machine /path/to/AppleVNCServer[12345]: >> Authentication: FAILED :: User Name: N/A :: Viewer Address: >> 192.168.50.1 :: Type: VNC DES >> >> I added the following to denyhosts.cfg: >> >> SSHD_FORMAT_REGEX=.* (sshd.*:|\[sshd\]|AppleVNCServer\[.*\]) >> (?P<message>.*) > > Try: > > SSHD_FORMAT_REGEX=.*( sshd.*:| \[sshd\]|AppleVNCServer.*:) (?P<message>.*) > > All in one line, a space precedes the last parenthesized part. I do have it on one line but it looks like it gets wrapped in transit. I did miss the extra space at the beginning though. Thank you for catching that. >> USERDEF_FAILED_ENTRY_REGEX=Authentication:\ FAILED.* >> Viewer\ Address:\ (?P<host>\S+) > > I would try to get the user name, just in case it is available: > > USERDEF_FAILED_ENTRY_REGEX=Authentication: FAILED :: User Name: > (?P<user>.*) :: Viewer Address: (?P<host>\S+) .* So escaping spaces is not necessary? I'll make your changes and report back. Thanks, -Terry >> Any pointers why this isn't working? > > Only your SSHD_FORMAT_REGEX looks incorrect, i.e. your log has no space > before AppleVNCServer and the regex looks for one right there. > -- > René Berber ------------------------------------------------------------------------------ ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
