guardian: React on BF attacks for SSH at pre-auth stage.

See #10457.
2026-04-11 19:55:52 +02:00 · 2014-01-10 16:19:43 +01:00
parent 7514fe47f6
commit 2a747e37a8
2 changed files with 6 additions and 2 deletions
--- a/config/guardian/guardian.pl
+++ b/config/guardian/guardian.pl
@@ -106,6 +106,10 @@ for (;;) {
 					$temp = $array[11];
 				}
 				&checkssh ($temp, "possible SSH-Bruteforce Attack");}
+
+			# This should catch Bruteforce Attacks with enabled preauth
+			if ($_ =~ /.*sshd.*Received disconnect from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):.*\[preauth\]/) {
+				&checkssh ($1, "possible SSH-Bruteforce Attack, failed preauth");}
 			}
 	}

@@ -424,4 +428,4 @@ sub get_aliases {
 	}

 	print "done \n";
-}
+}
--- a/lfs/guardian
+++ b/lfs/guardian
@@ -30,7 +30,7 @@ THISAPP    = guardian-$(VER)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = guardian
-PAK_VER    = 8
+PAK_VER    = 9

 DEPS       = ""