Windows' distribution of OpenSSH also changed its logging format (tested with 9.5p1) by prepending "sshd: " to the payload text
Aldaviva committed Aug 28, 2024
1 parent 4ee47c5 commit 9a727bc
Showing 2 changed files with 3 additions and 3 deletions.
4 changes: 2 additions & 2 deletions Fail2Ban4Win/configuration.json
Expand Up @@ -31,12 +31,12 @@
"logName": "OpenSSH/Operational",
"eventId": 4,
"ipAddressEventDataName": "payload",
"ipAddressPattern": "^Failed password for(?: invalid user)? .+ from (?<ipAddress>(?:\\d{1,3}\\.){3}\\d{1,3}) port \\d{1,5} ssh\\d?$"
"ipAddressPattern": "^(?:sshd: )?Failed password for(?: invalid user)? .+ from (?<ipAddress>(?:\\d{1,3}\\.){3}\\d{1,3}) port \\d{1,5} ssh\\d?$"
}, {
"logName": "OpenSSH/Operational",
"eventId": 4,
"ipAddressEventDataName": "payload",
"ipAddressPattern": "^Invalid user .+ from (?<ipAddress>(?:\\d{1,3}\\.){3}\\d{1,3}) port \\d{1,5}$"
"ipAddressPattern": "^(?:sshd: )?Invalid user .+ from (?<ipAddress>(?:\\d{1,3}\\.){3}\\d{1,3}) port \\d{1,5}$"
}
]
}
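Review bot: In both `ipAddressPattern` values the new `(?:sshd: )?` group is optional, which keeps unprefixed payloads matching, but this commit changes only configuration.json and Readme.md, so nothing in it exercises the patterns against a prefixed payload. Consider adding a test, or at least sample payloads in the commit description, covering one prefixed and one unprefixed line for each selector, so that a later format change shows up as a failed match rather than as silently missed bans. Separately, the `ipAddress` group in both patterns still accepts only dotted-quad IPv4, so a failure line carrying an IPv6 source matches neither selector; worth stating whether that is intentional.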
2 changes: 1 addition & 1 deletion Readme.md
Expand Up @@ -68,7 +68,7 @@ You can [customize](#configuration) most of the above specifics.
<a id="configuration"></a>
## Configuration
The provided example configuration file has selectors for [Remote Desktop Services](https://docs.microsoft.com/en-us/windows/win32/termserv/terminal-services-portal), [Cygwin OpenSSH sshd](https://cygwin.com/packages/summary/openssh.html) (updated in 1.3.1), and [Windows OpenSSH sshd](https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_overview). It also has some example values for `neverBanSubnets` and other properties that you can replace with your own values.
The provided example configuration file has selectors for [Remote Desktop Services](https://docs.microsoft.com/en-us/windows/win32/termserv/terminal-services-portal), [Cygwin OpenSSH sshd](https://cygwin.com/packages/summary/openssh.html) (updated in [1.3.1](https://github.com/Aldaviva/Fail2Ban4Win/releases/tag/1.3.1)), and [Windows OpenSSH sshd](https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_overview) (updated in [1.3.1](https://github.com/Aldaviva/Fail2Ban4Win/releases/tag/1.3.1)). It also has some example values for `neverBanSubnets` and other properties that you can replace with your own values.
Be aware that `isDryRun` defaults to `true` to avoid accidentally blocking traffic until you're ready.
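Review bot: The added "(updated in 1.3.1)" link after the Windows OpenSSH sshd entry tells readers that the selector changed but not what changed, so users who maintain their own configuration.json get no hint that their copy needs editing. Suggest one sentence here, or in the linked release notes, saying that Windows OpenSSH (tested with 9.5p1) now prepends "sshd: " to the payload and that custom `ipAddressPattern` values need the optional `(?:sshd: )?` prefix.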