This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, fifteen has been updated
via 2a747e37a86f44c5da8dbf67c4135772df29f24e (commit)
from 7514fe47f6b2caf5a1dfc80de3a539975b753b21 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2a747e37a86f44c5da8dbf67c4135772df29f24e
Author: Kim Wölfel <xaver4all(a)gmx.de>
Date: Fri Jan 10 16:19:43 2014 +0100
guardian: React on BF attacks for SSH at pre-auth stage.
See #10457.
-----------------------------------------------------------------------
Summary of changes:
config/guardian/guardian.pl | 6 +++++-
lfs/guardian | 2 +-
2 files changed, 6 insertions(+), 2 deletions(-)
Difference in files:
diff --git a/config/guardian/guardian.pl b/config/guardian/guardian.pl
index 86d93fe..34546b7 100644
--- a/config/guardian/guardian.pl
+++ b/config/guardian/guardian.pl
@@ -106,6 +106,10 @@ for (;;) {
$temp = $array[11];
}
&checkssh ($temp, "possible SSH-Bruteforce Attack");}
+
+ # This should catch Bruteforce Attacks with enabled preauth
+ if ($_ =~ /.*sshd.*Received disconnect from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):.*\[preauth\]/) {
+ &checkssh ($1, "possible SSH-Bruteforce Attack, failed preauth");}
}
}
@@ -424,4 +428,4 @@ sub get_aliases {
}
print "done \n";
-}
\ No newline at end of file
+}
diff --git a/lfs/guardian b/lfs/guardian
index fea50db..a91fbd9 100644
--- a/lfs/guardian
+++ b/lfs/guardian
@@ -30,7 +30,7 @@ THISAPP = guardian-$(VER)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = guardian
-PAK_VER = 8
+PAK_VER = 9
DEPS = ""
hooks/post-receive
--
IPFire 2.x development tree