Mercurial > repos > other > Puppet

diff common/fail2ban/ibb-sshd.conf @ 171:103a3630e9b2 puppet-3.6

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tighten up some Fail2Ban rules (including SSH probes with only insecure keys)
author IBBoard <dev@ibboard.co.uk>
date Tue, 06 Feb 2018 20:42:49 +0000
parents
children 1af9fd04c285
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/common/fail2ban/ibb-sshd.conf	Tue Feb 06 20:42:49 2018 +0000
@@ -0,0 +1,19 @@
+# Fail2Ban configuration file
+# Author: IBBoard
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+failregex = Unable to negotiate with <host> port [0-9]+: no matching host key type found. Their offer: ssh-rsa,ssh-dss \[preauth\]
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =