- edited description
Invalid user doesn't match lines where port is logged
Issue #71
resolved
Our ssh is logging those lines:
Mar 21 11:33:45 kenny01 sshd[17475]: Invalid user support from 190.50.238.98 port 32836
This doesn't match, whereas this matches:
Mar 21 11:33:45 kenny01 sshd[17475]: Invalid user support from 190.50.238.98
Looking at the rules it appears this doesn't have a rule (yet). Unfortunately, I don't understand enough about your rule engine to make a proper patch. :(
Specs:
- OpenSSH_7.3p1-hpn14v11, OpenSSL 1.0.2j 26 Sep 2016
- sshguard from git (640986a29cf280d5ea6e47f41e9f6c956b1ad89f)
- Linux eddie 4.4.27-gentoo
#1SMP Fri Oct 28 17:44:50 CEST 2016 x86_64 Intel(R) Xeon(R) CPU E3113 @ 3.00GHz GenuineIntel GNU/Linux - Firewall is netfilter/iptables
- /usr/sbin/sshguard -i /var/run/sshguard.pid -l /var/log/auth.log -l /var/log/messages
Comments (2)
-
reporter -
- changed status to resolved
Fixed in 262a05a, thanks!
- Log in to comment