This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, fifteen has been updated via 2a747e37a86f44c5da8dbf67c4135772df29f24e (commit) from 7514fe47f6b2caf5a1dfc80de3a539975b753b21 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 2a747e37a86f44c5da8dbf67c4135772df29f24e Author: Kim Wölfel xaver4all@gmx.de Date: Fri Jan 10 16:19:43 2014 +0100
guardian: React on BF attacks for SSH at pre-auth stage.
See #10457.
-----------------------------------------------------------------------
Summary of changes: config/guardian/guardian.pl | 6 +++++- lfs/guardian | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-)
Difference in files: diff --git a/config/guardian/guardian.pl b/config/guardian/guardian.pl index 86d93fe..34546b7 100644 --- a/config/guardian/guardian.pl +++ b/config/guardian/guardian.pl @@ -106,6 +106,10 @@ for (;;) { $temp = $array[11]; } &checkssh ($temp, "possible SSH-Bruteforce Attack");} + + # This should catch Bruteforce Attacks with enabled preauth + if ($_ =~ /.*sshd.*Received disconnect from (\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}):.*[preauth]/) { + &checkssh ($1, "possible SSH-Bruteforce Attack, failed preauth");} } }
@@ -424,4 +428,4 @@ sub get_aliases { }
print "done \n"; -} \ No newline at end of file +} diff --git a/lfs/guardian b/lfs/guardian index fea50db..a91fbd9 100644 --- a/lfs/guardian +++ b/lfs/guardian @@ -30,7 +30,7 @@ THISAPP = guardian-$(VER) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = guardian -PAK_VER = 8 +PAK_VER = 9
DEPS = ""
hooks/post-receive -- IPFire 2.x development tree