Hello folks,

I'm using the latest stable x86 versions of DenyHosts, OpenSSH and PAM as pulled off the portage tree, and am having a little bit of trouble getting DenyHosts to play nice with the messages PAM is throwing into auth.log. I've tried Google for it, and threw the question to the DenyHosts mailing list, but neither has turned up any possible assistance.

The logs I'm trying to parse are demonstrated below:

Nov 20 22:21:03 nova sshd[31328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.233.broadband9.iol.cz user=root
Nov 20 22:21:06 nova sshd[31326]: error: PAM: Authentication failure for root from 222.233.broadband9.iol.cz

It's happening with more than just the root user, so I've set up my userdef_regex's to read as follows:

USERDEF_FAILED_ENTRY_REGEX=error: PAM: authentication failure for (?P<invalid>invalid user |illegal user )?(?P<user>.*?) from ?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})
USERDEF_FAILED_ENTRY_REGEX=pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=(?P<host>\S+) user=(?P<user>\S+)

If anyone can give me a hand figuring out where it is I broke something, that would be greatly appreciated. As I said, I'm not sure how on-topic it is for this particular list, but I'm getting nowhere with the avenues that would probably be more appropriate.

Thanks in advance,
James
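
Added example, not part of the original post and not DenyHosts code: a Python check of the two posted patterns against the two quoted log lines, alongside adjusted patterns that do match. It assumes the patterns are applied with a plain `re.search` and no flags; the `FIXED_*` patterns and the `extract` helper are this example's own, and whether DenyHosts will act on a reverse-resolved name in the `host` group is not tested here.

```python
import re

# Log lines quoted in the post (rhost rejoined where the mail wrapped it).
LOG_PAM_UNIX = ("Nov 20 22:21:03 nova sshd[31328]: pam_unix(sshd:auth): "
                "authentication failure; logname= uid=0 euid=0 tty=ssh ruser= "
                "rhost=222.233.broadband9.iol.cz user=root")
LOG_PAM_ERROR = ("Nov 20 22:21:06 nova sshd[31326]: error: PAM: Authentication "
                 "failure for root from 222.233.broadband9.iol.cz")

# The two patterns exactly as posted.
POSTED_ERROR = (r"error: PAM: authentication failure for "
                r"(?P<invalid>invalid user |illegal user )?(?P<user>.*?) from "
                r"?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")
POSTED_PAM_UNIX = (r"pam_unix(sshd:auth): authentication failure; logname= uid=0 "
                   r"euid=0 tty=ssh ruser= rhost=(?P<host>\S+) user=(?P<user>\S+)")

# Adjusted patterns (hypothetical, this example's suggestion):
#  - accept the capital "A" that sshd actually logs
#  - accept a host name, not only a dotted-quad address
FIXED_ERROR = (r"error: PAM: [Aa]uthentication failure for "
               r"(?P<invalid>invalid user |illegal user )?(?P<user>.*?) from "
               r"(?P<host>\S+)")
#  - escape the parentheses so they match literally instead of forming a group
#  - do not pin every key=value field; user= is optional (assumption)
FIXED_PAM_UNIX = (r"pam_unix\(sshd:auth\): authentication failure; .*"
                  r"rhost=(?P<host>\S+)(?:\s+user=(?P<user>\S+))?")


def extract(pattern, line, ignore_case=False):
    """Return (user, host) if the pattern matches the line, else None."""
    flags = re.IGNORECASE if ignore_case else 0
    m = re.search(pattern, line, flags)
    return (m.group("user"), m.group("host")) if m else None


if __name__ == "__main__":
    cases = [
        ("posted error: PAM", POSTED_ERROR, LOG_PAM_ERROR),
        ("posted pam_unix", POSTED_PAM_UNIX, LOG_PAM_UNIX),
        ("fixed error: PAM", FIXED_ERROR, LOG_PAM_ERROR),
        ("fixed pam_unix", FIXED_PAM_UNIX, LOG_PAM_UNIX),
    ]
    for name, pattern, line in cases:
        print(f"{name:18} -> {extract(pattern, line)}")
    # Ignoring case alone is not enough: the host group still demands an IPv4.
    print("posted, ignorecase ->", extract(POSTED_ERROR, LOG_PAM_ERROR, True))
```

The posted patterns fail for three separate reasons: the lowercase `authentication` against sshd's `Authentication`, the IPv4-only `host` group against a resolved host name, and the unescaped `(sshd:auth)` being read as a capture group.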