26 lines
666 B
Text
26 lines
666 B
Text
# Fail2Ban ssh filter for at attempted exploit
|
|
#
|
|
# The regex here also relates to a exploit:
|
|
#
|
|
# http://www.securityfocus.com/bid/17958/exploit
|
|
# The example code here shows the pushing of the exploit straight after
|
|
# reading the server version. This is where the client version string normally
|
|
# pushed. As such the server will read this unparsible information as
|
|
# "Did not receive identification string".
|
|
|
|
[INCLUDES]
|
|
|
|
# Read common prefixes. If any customizations available -- read them from
|
|
# common.local
|
|
before = common.conf
|
|
|
|
[Definition]
|
|
|
|
_daemon = sshd-session
|
|
|
|
failregex = Did not receive identification string from <HOST>\s*$
|
|
|
|
ignoreregex =
|
|
|
|
[Init]
|
|
|