Attacks against valid users don't get caught
Bug #152964 reported by
Nighty
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| fail2ban (Debian) |
Fix Released
|
Unknown
|
|||
| fail2ban (Ubuntu) |
Fix Released
|
Undecided
|
Jamie Strandboge | ||
Bug Description
Binary package hint: fail2ban
The current configuration shipped with version 0.7.6-3ubuntu1 of fail2ban fails to catch failed login attempts for valid users. Example line of my /var/log/auth.log that didn't get matched:
Oct 13 10:16:34 tardis sshd[18845]: Failed password for nighty from 87.238.161.11 port 38046 ssh2
Replacing the following line in /etc/fail2ban/
(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:
with
(?:Authentication failure|Failed [-/\w+]+) for .*(?: from|FROM) <HOST>
remedies this. Just tested it from 2 remote hosts to my machine, and it catches wrong passwords as well as empty passwords, like the old rule did, but this time also for existing users.
| Changed in fail2ban: | |
| assignee: | nobody → jamie-strandboge |
| Changed in fail2ban: | |
| status: | Unknown → Fix Released |
Revision history for this message
| Wouter Stomp (wouterstomp-deactivatedaccount) wrote | #1 |
| Changed in fail2ban: | |
| status: | New → Fix Released |
To post a comment you must log in.
According to the upstream bug report, this bug was no in the debian version of the package, which was later synced to ubuntu. So it should be fixed now.