yo/reaction
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Generalisation of new SSH regex

Browse Source
This commit is contained in:
ppom 2024-01-06 12:00:00 +01:00
parent ed809f4f98
commit e1ff702cd1
3 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/example.yml
View File

@ -55,7 +55,7 @@ streams:
# ip's regex is inserted in the following regex # ip's regex is inserted in the following regex
- 'authentication failure;.*rhost=<ip>' - 'authentication failure;.*rhost=<ip>'
- 'Failed password for .* from <ip>' - 'Failed password for .* from <ip>'
- 'Connection reset by authenticating user .* <ip>' - 'Connection (reset|closed) by (authenticating|invalid) user .* <ip>'
# if retry and retryperiod are defined, # if retry and retryperiod are defined,
# the actions will only take place if a same pattern is # the actions will only take place if a same pattern is
# found `retry` times in a `retryperiod` interval # found `retry` times in a `retryperiod` interval

2
config/example.jsonnet
View File

@ -64,7 +64,7 @@ local iptables(args) = ['ip46tables', '-w'] + args;
// ip's regex is inserted in the following regex // ip's regex is inserted in the following regex
@'authentication failure;.*rhost=<ip>', @'authentication failure;.*rhost=<ip>',
@'Failed password for .* from <ip>', @'Failed password for .* from <ip>',
@'Connection reset by authenticating user .* <ip>', @'Connection (reset|closed) by (authenticating|invalid) user .* <ip>',
], ],
// if retry and retryperiod are defined, // if retry and retryperiod are defined,
// the actions will only take place if a same pattern is // the actions will only take place if a same pattern is

3
config/server.jsonnet
View File

@ -16,7 +16,8 @@ local banFor(time) = {
// ip46tables (C program also in this repo) handles running the good commands // ip46tables (C program also in this repo) handles running the good commands
ip: { ip: {
regex: @'(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}|(?:(?:[0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(?::[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(?::[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(?::[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(?::[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?:(?::[0-9a-fA-F]{1,4}){1,6})|:(?:(?::[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(?::0{1,4}){0,1}:){0,1}(?:(?:25[0-5]|(?:2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(?:25[0-5]|(?:2[0-4]|1{0,1}[0-9]){0,1}[0-9])|(?:[0-9a-fA-F]{1,4}:){1,4}:(?:(?:25[0-5]|(?:2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(?:25[0-5]|(?:2[0-4]|1{0,1}[0-9]){0,1}[0-9]))', regex: @'(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}|(?:(?:[0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(?::[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(?::[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(?::[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(?::[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?:(?::[0-9a-fA-F]{1,4}){1,6})|:(?:(?::[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(?::0{1,4}){0,1}:){0,1}(?:(?:25[0-5]|(?:2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(?:25[0-5]|(?:2[0-4]|1{0,1}[0-9]){0,1}[0-9])|(?:[0-9a-fA-F]{1,4}:){1,4}:(?:(?:25[0-5]|(?:2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(?:25[0-5]|(?:2[0-4]|1{0,1}[0-9]){0,1}[0-9]))',
ignore: std.makeArray(255, function(i) "192.168.1."+i), // Ignore all from 192.168.1.1 to 192.168.1.255
ignore: std.makeArray(255, function(i) '192.168.1.' + (i + 1)),
}, },
}, },