Well, it broke with Mageia 6 due to a changed format and syntax of the messages reported to /var/log/auth.log by sshd.
So, for anyone who needs it, here is the new regex that is needed to restore its functionality in Mageia 6. This string would go into the /etc/blockhosts.cfg file with the other regex strings.
"SSHD_noAuth": r"""^[^[]+?sshd\[(?P<pid>\d+)\]: pam_unix\(sshd:auth\): authentication failure; logname=.* rhost=(::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).+user=.*$""",
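A way to check the regex above against log lines before relying on it, and to list the "authentication failure" lines it does not cover. This is an added example, not part of the original post or of BlockHosts; the log lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Regex copied verbatim from the SSHD_noAuth entry in the post above.
SSHD_NOAUTH = re.compile(
    r"""^[^[]+?sshd\[(?P<pid>\d+)\]: pam_unix\(sshd:auth\): authentication failure; logname=.* rhost=(::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).+user=.*$"""
)

# Constructed sample lines (documentation addresses), not taken from a real log.
PAM = "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= "
SAMPLE = [
    "Sep 14 10:02:11 gw sshd[2211]: " + PAM + "rhost=203.0.113.7  user=root",
    "Sep 14 10:02:15 gw sshd[2214]: " + PAM + "rhost=::ffff:198.51.100.23  user=admin",
    "Sep 14 10:02:19 gw sshd[2219]: " + PAM + "rhost=203.0.113.7  user=backup",
    # No trailing user= field: the pattern requires one after the address.
    "Sep 14 10:02:24 gw sshd[2223]: " + PAM + "rhost=203.0.113.7",
    # IPv6 source: the host group only accepts a dotted quad.
    "Sep 14 10:02:30 gw sshd[2230]: " + PAM + "rhost=2001:db8::5  user=root",
    "Sep 14 10:03:01 gw sshd[2241]: Accepted password for alice from 192.0.2.10 port 50514 ssh2",
]


def failures_by_host(lines):
    """Count auth failures per source address, using the page's regex."""
    hits = Counter()
    for line in lines:
        m = SSHD_NOAUTH.match(line.rstrip("\n"))
        if m:
            hits[m.group("host")] += 1
    return hits


def uncovered_failures(lines):
    """Return 'authentication failure' lines the regex does not match."""
    return [
        line for line in lines
        if "authentication failure" in line
        and not SSHD_NOAUTH.match(line.rstrip("\n"))
    ]


if __name__ == "__main__":
    for host, count in failures_by_host(SAMPLE).most_common():
        print(f"{host}: {count} failure(s)")
    for line in uncovered_failures(SAMPLE):
        print("NOT MATCHED:", line)
```

Any line reported by `uncovered_failures` is a failed login that this pattern alone would not count toward a block.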