Browse Source

* tune filters

master
Alex 'AdUser' Z 3 years ago
parent
commit
aac82d53f7
  1. 20
      filters/ssh.preg

20
filters/ssh.preg

@ -1,19 +1,17 @@
# set: defscore=15
Invalid user [[:print:]]+ from <HOST>
Postponed keyboard-interactive for invalid user [[:print:]]+ from <HOST> port [0-9]+
Failed password for invalid user .* from <HOST>
User [[:print:]]+ from <HOST> not allowed because listed in DenyUsers
User [[:print:]]+ from <HOST> not allowed because a group is listed in DenyGroups
# set: defscore=10
[Aa]uthentication failure for .* from <HOST>( via [[:print:]]*)?
[Aa]uthentication error for .* from <HOST>( via [[:print:]]*)?
User not known to the underlying authentication module for .* from <HOST>
Failed password for .* from <HOST>
refused connect from [[:print:]]+ \(<HOST>\)
Received disconnect from <HOST>: [0-9]*: [[:print:]]+: Auth fail
User [[:print:]]+ from <HOST> not allowed because not listed in AllowUsers
User [[:print:]]+ from <HOST> not allowed because listed in DenyUsers
User [[:print:]]+ from <HOST> not allowed because not in any group
User [[:print:]]+ from <HOST> not allowed because a group is listed in DenyGroups
User [[:print:]]+ from <HOST> not allowed because none of user's groups are listed in AllowGroups
[Aa]uthentication failure for .* from <HOST>( via [[:print:]]*)?
[Aa]uthentication error for .* from <HOST>( via [[:print:]]*)?
Failed password for .* from <HOST>
# set: defscore=5
User not known to the underlying authentication module for .* from <HOST>
Invalid user [[:print:]]+ from <HOST>
# set: defscore=3
refused connect from [[:print:]]+ \(<HOST>\)
Did not receive identification string from <HOST>
Connection closed by <HOST>( port [0-9]+)? \[preauth\]

Loading…
Cancel
Save