Gentoo Archives: gentoo-user

From: James Homuth <james@×××××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Possibly OT - Denyhosts regex question
Date: Fri, 21 Nov 2008 04:05:17
Message-Id: 0a4701c94b8e$54845e10$a500a8c0@quan
1 Hello folks,
3 I'm using the latest stable x86 versions of Denyhosts, Openssh and PAM as
4 pulled off the portage tree, and am having a little bit of trouble getting
5 Denyhosts to play nice with the messages PAM is throwing into auth.log. I've
6 tried google for it, and threw the question to the Denyhosts mailing list,
7 but neither has turned up any possible assistance. The logs I'm trying to
8 parse are demonstrated below:
9 Nov 20 22:21:03 nova sshd[31328]: pam_unix(sshd:auth): authentication
10 failure; logname= uid=0 euid=0 tty=ssh ruser=
11 user=root
13 Nov 20 22:21:06 nova sshd[31326]: error: PAM: Authentication failure for
14 root from
16 It's happening with more than just the root user, so I've set up my
17 userdef_regex's to read as follows:
18 USERDEF_FAILED_ENTRY_REGEX=error: PAM: authentication failure for
19 (?P<invalid>invalid user |illegal user )?(?P<user>.*?) from
20 ?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})
22 USERDEF_FAILED_ENTRY_REGEX=pam_unix(sshd:auth): authentication failure;
23 logname= uid=0 euid=0 tty=ssh ruser= rhost=(?P<host>\S+) user=(?P<user>\S+)
26 If anyone can give me a hand figuring out where it is I broke something,
27 that would be greatly appreciated. As I said, I'm not sure how on-topic it
28 is for this particular list, but I'm getting nowhere with the avenues that
29 would probably be more appropriate.
31 Thanks in advance,
32 James


Subject Author
Re: [gentoo-user] Possibly OT - Denyhosts regex question deface <deface@×××××××××××.net>