Rev 4 | Blame | Compare with Previous | Last modification | View Log | RSS feed
# Fail2Ban ssh filter for at attempted exploit## The regex here also relates to a exploit:## http://www.securityfocus.com/bid/17958/exploit# The example code here shows the pushing of the exploit straight after# reading the server version. This is where the client version string normally# pushed. As such the server will read this unparsible information as# "Did not receive identification string".[INCLUDES]# Read common prefixes. If any customizations available -- read them from# common.localbefore = common.conf[Definition]_daemon = sshdfailregex = ^%(__prefix_line)sDid not receive identification string from <HOST>\s*$ignoreregex =[Init]journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd# Author: Yaroslav Halchenko