Author: blues Date: Mon Feb 28 10:40:22 2005 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- bugfix - reorder display, catch v6-mapped IP.
---- Files affected:
SOURCES:
logwatch-sshd.patch (1.27 -> 1.28)
---- Diffs:
================================================================
Index: SOURCES/logwatch-sshd.patch
diff -u SOURCES/logwatch-sshd.patch:1.27 SOURCES/logwatch-sshd.patch:1.28
--- SOURCES/logwatch-sshd.patch:1.27 Thu Feb 24 23:36:53 2005
+++ SOURCES/logwatch-sshd.patch Mon Feb 28 11:40:17 2005
@@ -4,15 +4,20 @@
retrieving revision 1.41
diff -u -r1.41 sshd
--- scripts/services/sshd 24 Feb 2005 17:08:05 -0000 1.41
-+++ scripts/services/sshd 24 Feb 2005 22:33:59 -0000
-@@ -116,18 +116,17 @@
++++ scripts/services/sshd 28 Feb 2005 10:39:15 -0000
+@@ -112,22 +112,21 @@
+ } else {
+ $Users{$2}{$3}{"(all)"}++;
+ }
+- } elsif ( $ThisLine =~ m/^Failed (\S+) for (invalid user )(\S+) from ([^
]+) port (\d+)/ ) { #openssh
++ } elsif (($Method,$User,$From,undef) = ( $ThisLine =~ m/^Failed (\S+) for
invalid user (\S+) from ([^ ]+) port (\d+)/ )) { #openssh
if ( $Debug >= 5 ) {
print STDERR "DEBUG: Found -Failed login- line\n";
}
- $BadLogins{"$3/$1 from $4"}++;
- } elsif ( $ThisLine =~ m/^Failed (\S+) for illegal user (.*) from ([^ ]+)
port (\d+)/ ) { #openssh
- $Temp = "$2/$1 from $3";
-+ $BadLogins{"$2/$1 from $3"}++;
++ $BadLogins{"invalid user $User ($Method) from $From"}++;
+ } elsif ( ($Method, undef,$User,$Host,$Port) = ($ThisLine =~ m/^Failed
(\S+) for (illegal|invalid) user (.*) from ([^ ]+) port (\d+)/ ) ) { #openssh
+ $Temp = "$User/$Method from $Host";
$BadLogins{$Temp}++;
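Review bot: The new pattern `m/^Failed (\S+) for invalid user (\S+) from ([^ ]+) port (\d+)/` is not anchored at the end, and the user field in these sshd lines is chosen by the remote client, so text inside a username can satisfy ` from … port …` ahead of the address sshd appended and the failure is then counted in `%BadLogins` under a host the client supplied. Anchoring the tail, for example ending the pattern with `port (\d+)(?: \S+)?\s*$/` (adjusted to the suffix the deployed sshd writes), ties `$From` to the real peer address. The same applies to `Failed (\w+) for (\S+) from ([^ ]+) port (\d+)` in the next hunk. The `(illegal|invalid) user (.*)` branch is less exposed because the greedy `.*` prefers the last ` from `, but it would be clearer anchored too. The elsif chain begins and continues outside this hunk.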
@@ -29,3 +34,18 @@
} elsif ( $ThisLine =~ m/^(fatal: )?Did not receive ident(ification)?
string from (.+)/ ) { # ssh/openssh
$name = LookupIP($3);
$NoIdent{$name}++;
+@@ -170,12 +169,12 @@
+ if ( $Debug >= 5 ) {
+ print STDERR "DEBUG: Found -Keygen complete- line\n";
+ }
+- } elsif ( $ThisLine =~ m/^Failed (\w+) for (\S+) from ([\d.]+) port (\d+)/
) { #openssh
++ } elsif ( ($Method,$User,$Host,undef) = ( $ThisLine =~ m/^Failed (\w+) for
(\S+) from ([^ ]+) port (\d+)/ ) ) { #openssh
+ # depending on log mode, openssh may not report these in connection
context.
+ if ( $Debug >= 5 ) {
+ print STDERR "DEBUG: Found -Failed login- line\n";
+ }
+- $BadLogins{"$2/$1 from $3"}++;
++ $BadLogins{"$User/$Method from $Host"}++;
+ } elsif ($ThisLine =~ s/^(log: )?Could not reverse map address ([^
]*).*$/$2/) {
+ $NoRevMap{$ThisLine}++;
+ } elsif ( ($Address) = ($ThisLine =~ /^reverse mapping checking
getaddrinfo for ([^ ]*) failed - POSSIBLE BREAKIN ATTEMPT!/)) {
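Review bot: The `%BadLogins` key is built from the raw host capture, so after widening it from `[\d.]+` to `[^ ]+` a v6-mapped `::ffff:a.b.c.d` and a plain `a.b.c.d` would be reported as two separate entries, unless something outside the hunk normalises them. If one count per address is intended, strip the prefix before building the key, e.g. `$Host =~ s/^::ffff://i;`, and, if sshd only logs addresses here, prefer a narrower class such as `[\da-fA-F:.]+` over any non-space token. On style, this branch discards the port with `undef` while the earlier branch names it `$Port`, and the first branch calls the host `$From`; one naming across the three branches would read more easily. The enclosing elsif chain runs beyond the hunk.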
================================================================
---- CVS-web:
http://cvs.pld-linux.org/SOURCES/logwatch-sshd.patch?r1=1.27&r2=1.28&f=u