[Bug 260607] security/py-fail2ban regex not working in bsd-sshd filter

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 22 Dec 2021 13:50:17 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260607

            Bug ID: 260607
           Summary: security/py-fail2ban regex not working in bsd-sshd
                    filter
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: belot.nicolas@gmail.com
                CC: theis@gmx.at
             Flags: maintainer-feedback?(theis@gmx.at)

Hello,

The regex
^%(__prefix_line)sDid not receive identification string from <HOST>$
will not match entries in /var/log/auth.log, as the log entry contains the TCP
port number.
Ex: Did not receive identification string from 51.159.67.165 port 59677

We should add this regex to the filter:
^%(__prefix_line)sDid not receive identification string from <HOST>\s.*$

In the same spirit,

^%(__prefix_line)sreverse mapping checking getaddrinfo for .* \[<HOST>\] .* POSSIBLE BREAK-IN ATTEMPT!$

In my log I only see
^%(__prefix_line)sreverse mapping checking getaddrinfo for .* \[<HOST>\] failed\.$

We should add a regex accordingly

And at last, in my opinion, hitting the preauth timeout is suspicious. I think
we should add a regex to match it:

^%(__prefix_line)sConnection closed by <HOST> port \d+ \[preauth\]$


Regards

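The patterns from this report, checked against sample log lines. This is an added example, not part of the original message and not fail2ban's own code. Assumptions: HOST and PREFIX are simplified stand-ins for fail2ban's real <HOST> and %(__prefix_line)s expansions, and the log lines are constructed around the message quoted in the report.

```python
import re

# Assumptions: simplified stand-ins for fail2ban's <HOST> and
# %(__prefix_line)s expansions, which are more elaborate in the real tool.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PREFIX = r"\w{3}\s+\d+ [\d:]{8} \S+ sshd\[\d+\]: "

# Patterns the report quotes from the current bsd-sshd filter.
SHIPPED = [
    r"^%(__prefix_line)sDid not receive identification string from <HOST>$",
    r"^%(__prefix_line)sreverse mapping checking getaddrinfo for .* \[<HOST>\] .* POSSIBLE BREAK-IN ATTEMPT!$",
]
# Patterns the report proposes adding.
PROPOSED = [
    r"^%(__prefix_line)sDid not receive identification string from <HOST>\s.*$",
    r"^%(__prefix_line)sreverse mapping checking getaddrinfo for .* \[<HOST>\] failed\.$",
    r"^%(__prefix_line)sConnection closed by <HOST> port \d+ \[preauth\]$",
]

# Constructed auth.log lines: hostname, PIDs, times and 192.0.2.x addresses
# are made up; the first message is the one quoted in the report.
SAMPLE_LOG = [
    "Dec 22 13:40:01 host sshd[1234]: Did not receive identification string from 51.159.67.165 port 59677",
    "Dec 22 13:41:12 host sshd[1240]: reverse mapping checking getaddrinfo for mail.example.net [192.0.2.10] failed.",
    "Dec 22 13:42:30 host sshd[1251]: Connection closed by 192.0.2.44 port 40122 [preauth]",
    "Dec 22 13:43:00 host sshd[1260]: Accepted publickey for admin from 192.0.2.7 port 50000 ssh2",
    "Dec 22 13:44:05 host sshd[1271]: Did not receive identification string from 192.0.2.9",
]

def compile_failregex(template):
    """Expand the two placeholders literally and compile the result."""
    expanded = template.replace("%(__prefix_line)s", PREFIX)
    return re.compile(expanded.replace("<HOST>", HOST))

def matched_hosts(templates, lines):
    """For each line, return the host captured by the first matching
    pattern, or None when no pattern matches (nothing would be counted)."""
    compiled = [compile_failregex(t) for t in templates]
    result = []
    for line in lines:
        hit = next((m for m in (c.search(line) for c in compiled) if m), None)
        result.append(hit.group("host") if hit else None)
    return result

if __name__ == "__main__":
    for label, patterns in (("shipped", SHIPPED), ("shipped+proposed", SHIPPED + PROPOSED)):
        print(label, matched_hosts(patterns, SAMPLE_LOG))
```

The last sample line has no port suffix: the shipped pattern still matches it and the proposed `\s.*$` variant does not, so the new patterns need to be added alongside the existing ones rather than replace them.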