From ca7764ba97c0d80ca32398f187d6bfbbbae78c90 Mon Sep 17 00:00:00 2001 From: Fredrik Wahlberg Date: Sun, 12 Feb 2023 07:43:50 +0100 Subject: [PATCH] =?UTF-8?q?N=C3=A5gra=20fler=20varianter=20p=C3=A5=20anv?= =?UTF-8?q?=C3=A4ndarnamn?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- logcheck-fw-sshd | 3 ++- testlog | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/logcheck-fw-sshd b/logcheck-fw-sshd index 03f7605..220fcc8 100644 --- a/logcheck-fw-sshd +++ b/logcheck-fw-sshd @@ -154,7 +154,8 @@ #Feb 2 03:18:13 nada sshd[22960]: Connection reset by invalid user admin 61.74.183.79 port 61300 [preauth] #Feb 2 04:36:04 nada sshd[25211]: Connection reset by invalid user default 220.80.142.228 port 60384 [preauth] #Feb 2 06:03:18 nada sshd[27153]: Connection reset by invalid user pi 175.196.231.248 port 53934 [preauth] -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection reset by invalid user ([[:alnum:]]+)? [.:[:digit:]]+ port [[:digit:]]+ \[preauth\] +#Feb 11 23:15:56 nada sshd[24603]: Connection reset by invalid user ec2-user 59.27.78.36 port 61591 [preauth] +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection reset by invalid user ([-$[:alnum:]]+)? [.:[:digit:]]+ port [[:digit:]]+ \[preauth\] diff --git a/testlog b/testlog index e21baa0..181b4f3 100644 --- a/testlog +++ b/testlog @@ -769,7 +769,7 @@ Feb 2 14:16:36 nada named[11745]: _default: sending trust-anchor-telemetry quer Feb 5 01:04:52 nada sshd[26681]: fatal: userauth_pubkey: parse request failed: incomplete message [preauth] Feb 5 01:55:57 nada sshd[27887]: error: maximum authentication attempts exceeded for invalid user ec2-user from 183.107.58.230 port 63999 ssh2 [preauth] Feb 5 01:55:57 nada sshd[27887]: Disconnecting invalid user ec2-user 183.107.58.230 port 63999: Too many authentication failures [preauth] - +Feb 11 23:15:56 nada sshd[24603]: Connection reset by invalid user ec2-user 59.27.78.36 port 61591 [preauth] Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem... Aug 23 18:39:24 nada fredrik[1713]: Sista raden