1234567891011121314151617181920212223242526272829303132 |
- # sshd bad protocol ban
- ## Note: used the default sshd.conf as a template.
- [INCLUDES]
- # Read common prefixes. If any customizations available -- read them from
- # common.local
- before = common.conf
- [DEFAULT]
- _daemon = sshd
- # optional prefix (logged from several ssh versions) like "error: ", "error: PAM: " or "fatal: "
- __pref = (?:(?:error|fatal): (?:PAM: )?)?
- # optional suffix (logged from several ssh versions) like " [preauth]"
- __suff = (?: \[preauth\])?\s*
- __on_port_opt = (?: port \d+)?(?: on \S+(?: port \d+)?)?
- # for all possible (also future) forms of "no matching (cipher|mac|MAC|compression method|key exchange method|host key type) found",
- # see ssherr.c for all possible SSH_ERR_..._ALG_MATCH errors.
- __alg_match = (?:(?:\w+ (?!found\b)){0,2}\w+)
- [Definition]
- prefregex = ^<F-MLFID>%(__prefix_line)s</F-MLFID>%(__pref)s<F-CONTENT>.+</F-CONTENT>$
- failregex = ^%(__prefix_line)sBad protocol version identification '.*' from <HOST> port \d+\s*$
- ^%(__prefix_line)sDid not receive identification string from <HOST>\s*$
- #ignoreregex =
|