Tobias,
Thanks for that. In fact I've picked up a few of those issues recently
and extended my patch to include them. The only item I have to query
is if lines of the form:
error: maximum authentication attempts exceeded for invalid user admin
from 31.162.41.222 port 43423 ssh2 [preauth]
i.e. invalid users, should be added to $TooManyFailures{$User} (as you
do) or $IllegalUsers{$Host}{$User} (as I've recently added)?
In fact, it may be just as easy to ignore that message, as it also
appears as normal failures messages for the previous attempts, and so
has already been logged earlier.
Anyway, that is just a little nit, not a big issue.
RegardsFrank
Hi all,
I have extended Frank Crawford's patch for sshd from September to
match more "Unmatched Entries" on my Gentoo system (I don't think
there is anything specific), see attachment. Would be great to see
this in an upcoming release.
Regards, Tobias
--
GPG-Key: 0xEF37FF28 (1024/4096 - DSA/ELG-E)
Fingerprint: 3C4B 155F 2621 CEAF D3A6 0CCB 937C 9597 EF37 FF28
-------------------------------------------------------------------
-----------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot__________
_____________________________________
Logwatch-devel mailing list
https://lists.sourceforge.net/lists/listinfo/logwatch-devel