Fedora Users — log.d/scripts/services/sshd - does not work with FC3 and sshd?

log.d/scripts/services/sshd - does not work with FC3 and sshd?

Date Prev

Date Next

Thread Prev

Thread Next

Date Index

Thread Index

To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>

Subject: log.d/scripts/services/sshd - does not work with FC3 and sshd?

From: B Wooster <bwooster47@xxxxxxxxx>

Date: Wed, 6 Apr 2005 19:50:57 -0400

Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding; b=Ar+VD6s9ErlgytqFavoE/zKTM1w824lL76tGYK8nu5pbBlff6Ot3Mnf0NbgMR6OnEQFswwnYiYMNXv0UpQifX37bYau2N6HBX3AM6GUHbKeB0Jui4S2xQq49pjlVgJPOVXrcqBrXmv7nHOm4xeNr7FV+4jeznjJPBC4BcNootyE=

List-archive: <https://www.redhat.com/archives/fedora-list>

List-help: <mailto:[email protected]?subject=help>

List-id: For users of Fedora Core releases <fedora-list.redhat.com>

List-post: <mailto:[email protected]>

List-subscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=subscribe>

List-unsubscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=unsubscribe>

Reply-to: B Wooster <bwooster47@xxxxxxxxx>, For users of Fedora Core releases <fedora-list@xxxxxxxxxx>

So on FC3 I keep getting the daily logwatch email, and it reports on
all the people trying to break into my sshd server, but looks like the
script:

 m/^Failed (\S+) for illegal user (.*) from ([^ ]+) port (\d+)/ ) { #openssh

is wrong, it should be:
m/^Failed (\S+) for invalid user (.*) from ([^ ]+) port (\d+)/ ) {

similarly for other lines, such as User not allowed.
/etc/log.d/scripts/services/sshd
script is not right for FC3.

Does anyone else with FC3, and ssh enabled, have these problems?
Not sure if I should submit a bug report (I did send email to the
person listed in the logwatch script, but received no response).