[ Fail2ban ] Error ?
Solved
adjordjevic
Hello, I am a technician and I would like more clarification on this result that I got from fail2ban-regex.
I am on Debian 10; is this due to the Debian version?
According to my research, on Debian 9 they did not have any problems.
root@debian:/etc/fail2ban/filter.d# fail2ban-regex /var/log/auth.log sshd.conf
Running tests
=============
Use failregex filter file : sshd, basedir: /etc/fail2ban
Use maxlines : 1
Use datepattern : Default Detectors
Use log file : /var/log/auth.log
Use encoding : UTF-8
Results
=======
Failregex: 14 total
|- #) [# of hits] regular expression
| 6) [6] ^[iI](?:llegal|nvalid) user <F-USER>.*?</F-USER> from <HOST>(?: port \d+)?(?: on \S+(?: port \d+)?)?\s*$
| 20) [8] ^<F-MLFFORGET><F-NOFAIL>Accepted publickey</F-NOFAIL></F-MLFFORGET> for \S+ from <HOST>(?:\s|$)
`-
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [213] {^LN-BEG}(?:DAY )?MON Day %k:Minute:Second(?:\.Microseconds)?(?: ExYear)?
`-
Lines: 213 lines, 0 ignored, 14 matched, 199 missed
[processed in 0.02 sec]
Missed line(s): too many to print. Use --print-all-missed to print all 199 lines
The problem is that I don't understand the result it displays; I don't know whether it is an error. I would like someone to explain it to me, please.
fail2ban-regex --print-all-missed /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf
Running tests
=============
Use failregex filter file : sshd, basedir: /etc/fail2ban
Use maxlines : 1
Use datepattern : Default Detectors
Use log file : /var/log/auth.log
Use encoding : UTF-8
Results
=======
Failregex: 23 total
|- #) [# of hits] regular expression
| 6) [10] ^[iI](?:llegal|nvalid) user <F-USER>.*?</F-USER> from <HOST>(?: port \d+)?(?: on \S+(?: port \d+)?)?\s*$
| 20) [13] ^<F-MLFFORGET><F-NOFAIL>Accepted publickey</F-NOFAIL></F-MLFFORGET> for \S+ from <HOST>(?:\s|$)
`-
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [317] {^LN-BEG}(?:DAY )?MON Day %k:Minute:Second(?:\.Microseconds)?(?: ExYear)?
`-
Lines: 317 lines, 0 ignored, 23 matched, 294 missed
[processed in 0.02 sec]
|- Missed line(s):
| Dec 29 00:17:01 debian CRON[1498]: pam_unix(cron:session): session opened for user root by (uid=0)
| Dec 29 00:17:01 debian CRON[1498]: pam_unix(cron:session): session closed for user root
| Dec 29 00:53:54 debian sshd[1640]: error: Received disconnect from <IP> port 40959:14: No supported authentication methods available [preauth]
| Dec 29 00:53:54 debian sshd[1640]: Disconnected from authenticating user axonesys <IP> port 40959 [preauth]
| Dec 29 00:54:27 debian sshd[1642]: error: Received disconnect from <IP> port 41240:14: No supported authentication methods available [preauth]
| Dec 29 00:54:27 debian sshd[1642]: Disconnected from authenticating user axonesys <IP> port 41240 [preauth]
| Dec 29 00:54:41 debian sshd[1644]: error: Received disconnect from <IP> port 44618:14: No supported authentication methods available [preauth]
| Dec 29 00:54:41 debian sshd[1644]: Disconnected from invalid user test <IP> port 44618 [preauth]
The answer was right in front of my eyes, I had not understood. Thanks again :)
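An added example, not part of the thread and not fail2ban's own code: a simplified Python re-creation of the matched/missed tally that fail2ban-regex prints above, using the two failregex entries that scored hits in that output. The IPv4-only `HOST` pattern, the `PREFIX` regex and the sample log lines are assumptions made for the illustration.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The two failregex entries that scored hits in the output above, with <HOST>
# expanded and the <F-...> tags dropped. The flag mirrors <F-NOFAIL>: the line
# counts as matched but not as a failure.
RULES = [
    (6, re.compile(r"^[iI](?:llegal|nvalid) user .*? from " + HOST
                   + r"(?: port \d+)?(?: on \S+(?: port \d+)?)?\s*$"), False),
    (20, re.compile(r"^Accepted publickey for \S+ from " + HOST + r"(?:\s|$)"), True),
]

# Assumed, simplified syslog prefix: only the text after "sshd[pid]: " is tested.
PREFIX = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ sshd\[\d+\]: (?P<msg>.*)$")

# Constructed sample lines modelled on the excerpt (documentation IP ranges).
SAMPLE = [
    "Dec 29 00:17:01 debian CRON[1498]: pam_unix(cron:session): session closed for user root",
    "Dec 29 00:54:40 debian sshd[1644]: Invalid user test from 192.0.2.10 port 44618",
    "Dec 29 00:54:41 debian sshd[1644]: error: Received disconnect from 192.0.2.10 port 44618:14: No supported authentication methods available [preauth]",
    "Dec 29 00:54:41 debian sshd[1644]: Disconnected from invalid user test 192.0.2.10 port 44618 [preauth]",
    "Dec 29 01:02:03 debian sshd[1700]: Accepted publickey for root from 198.51.100.7 port 50022 ssh2",
    "Dec 29 01:05:09 debian sshd[1712]: Invalid user admin from 203.0.113.5 port 39100",
]


def classify(lines):
    """Return (hits per rule number, hosts counted as failures, missed lines)."""
    hits, failures, missed = {}, [], []
    for line in lines:
        prefix = PREFIX.match(line)
        msg = prefix.group("msg") if prefix else None
        for num, rx, nofail in RULES:
            found = rx.search(msg) if msg is not None else None
            if found:
                hits[num] = hits.get(num, 0) + 1
                if not nofail:
                    failures.append(found.group("host"))
                break
        else:
            missed.append(line)  # no failregex matched: reported as "missed"
    return hits, failures, missed


if __name__ == "__main__":
    hits, failures, missed = classify(SAMPLE)
    print(f"Lines: {len(SAMPLE)} lines, {sum(hits.values())} matched, {len(missed)} missed")
    print("hits per regex:", hits, "| failures from:", failures)
```

In this sample the "Disconnected from invalid user" line lands in the missed list because regex 6 is anchored to the start of the message, and the cron line is missed because it does not come from sshd at all.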