changeset 76:4769aad8bd14

Root password bruteforcing check was not always working, fixed.
author Matti Hamalainen <ccr@tnsp.org>
date Thu, 27 Aug 2009 21:35:59 +0300
parents 6f3d53ea4245
children 54bb4f844063
files maltfilter
diffstat 1 files changed, 3 insertions(+), 3 deletions(-) [+]
--- a/maltfilter	Thu Aug 27 00:32:51 2009 +0300
+++ b/maltfilter	Thu Aug 27 21:35:59 2009 +0300
@@ -12,7 +12,7 @@
 use Net::DNS;
 use LWP::UserAgent;
 
-my $progversion = "0.17.1";
+my $progversion = "0.17.2";
 my $progbanner =
 "Malicious Attack Livid Termination Filter daemon (maltfilter) v$progversion\n".
 "Programmed by Matti 'ccr' Hamalainen <ccr\@tnsp.org>\n".
@@ -89,11 +89,11 @@
       check_add_hit($2, $mdate, "SSH login scan", "", 13, $settings{"CHK_SSHD"});
     }
     # (1.2) Root account SSH login password bruteforcing attempts.
-    elsif (/^Failed password for root from (\d+\.\d+\.\d+\.\d+)/) {
+    elsif ($merr =~ /^Failed password for root from (\d+\.\d+\.\d+\.\d+)/) {
       check_add_hit($1, $mdate, "Root SSH password bruteforce", "", 13, $settings{"CHK_ROOT_SSH_PWD"});
     }
     # (1.3) System account SSH login password bruteforcing attempts.
-    if ($merr =~ /^Failed password for (\S+) from (\d+\.\d+\.\d+\.\d+)/) {
+    elsif ($merr =~ /^Failed password for (\S+) from (\d+\.\d+\.\d+\.\d+)/) {
       my $mip = $2; my $macct = $1;
       if (defined($systemacct{$macct})) {
         check_add_hit($mip, $mdate, "SSH system account bruteforce", $macct, 13, $settings{"CHK_SYSACCT_SSH_PWD"});
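Review bot: Turning the (1.3) test into `elsif` means the system-account check is skipped whenever an earlier branch of the chain matched, including (1.2) for root, and the commit message does not mention this. If `check_add_hit` does nothing when its last argument is off (inferred from the call sites, the sub is not visible here), then disabling `CHK_ROOT_SSH_PWD` drops failed root logins entirely, even with root listed in `%systemacct` and `CHK_SYSACCT_SSH_PWD` enabled. Either gate the root branch on its setting, e.g. `elsif ($settings{"CHK_ROOT_SSH_PWD"} && $merr =~ /^Failed password for root from (\d+\.\d+\.\d+\.\d+)/) {` (assuming a false value means off), or document the precedence with a comment such as `# NOTE: root matches (1.2) first and never reaches the system account check below.` Both patterns also capture only dotted IPv4 sources, so failures logged with an IPv6 address are not counted by either branch. The chain starts above this hunk and the (1.3) body continues past it.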