| @@ -1,15 +1,47 @@ | | | @@ -1,15 +1,47 @@ |
1 | $NetBSD: patch-af,v 1.1 2007/08/18 15:10:39 taca Exp $ | | 1 | $NetBSD: patch-af,v 1.1.54.1 2013/12/29 21:21:36 tron Exp $ |
2 | | | 2 | |
3 | Fix for http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4323 | | 3 | Fix for CVE-2013-6890 |
| | | 4 | (See http://seclists.org/oss-sec/2013/q4/535) |
4 | | | 5 | |
5 | --- DenyHosts/regex.py.orig 2006-12-08 04:47:04.000000000 +0900 | | 6 | --- DenyHosts/regex.py.orig 2013-12-26 22:46:33.000000000 +0000 |
6 | +++ DenyHosts/regex.py | | 7 | +++ DenyHosts/regex.py |
7 | @@ -17,7 +17,7 @@ FAILED_ENTRY_REGEX3 = re.compile(r"""Aut | | 8 | @@ -6,22 +6,22 @@ import re |
8 | | | 9 | |
9 | FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (?P<host>.*)""") | | 10 | #DATE_FORMAT_REGEX = re.compile(r"""(?P<month>[A-z]{3,3})\s*(?P<day>\d+)""") |
| | | 11 | |
| | | 12 | -SSHD_FORMAT_REGEX = re.compile(r""".* (sshd.*:|\[sshd\]) (?P<message>.*)""") |
| | | 13 | +SSHD_FORMAT_REGEX = re.compile(r""".*? (sshd.*?:|\[sshd\]) (?P<message>.*)""") |
| | | 14 | #SSHD_FORMAT_REGEX = re.compile(r""".* sshd.*: (?P<message>.*)""") |
| | | 15 | |
| | | 16 | -FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P<method>.*) for (?P<invalid>invalid user |illegal user )?(?P<user>.*?) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") |
| | | 17 | +FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P<method>\S*) for (?P<invalid>invalid user |illegal user )?(?P<user>.*) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""") |
| | | 18 | |
| | | 19 | -FAILED_ENTRY_REGEX2 = re.compile(r"""(?P<invalid>(Illegal|Invalid)) user (?P<user>.*?) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") |
| | | 20 | +FAILED_ENTRY_REGEX2 = re.compile(r"""(?P<invalid>(Illegal|Invalid)) user (?P<user>.*) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""") |
| | | 21 | |
| | | 22 | -FAILED_ENTRY_REGEX3 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") |
| | | 23 | +FAILED_ENTRY_REGEX3 = None |
| | | 24 | |
| | | 25 | -FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (?P<host>.*)""") |
| | | 26 | +FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) from (::ffff:)?(?P<host>\S+)$""") |
10 | | | 27 | |
11 | -FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups""") | | 28 | -FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups""") |
12 | +FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups$""") | | 29 | +FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) from (::ffff:)?(?P<host>\S+) not allowed because none of user's groups are listed in AllowGroups$""") |
| | | 30 | |
| | | 31 | -FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") |
| | | 32 | +FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""") |
| | | 33 | |
| | | 34 | -FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) not allowed because not listed in AllowUsers""") |
| | | 35 | +FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) from (::ffff:)?(?P<host>\S+) not allowed because not listed in AllowUsers$""") |
| | | 36 | |
| | | 37 | |
| | | 38 | # these are reserved for future versions |
| | | 39 | @@ -42,7 +42,7 @@ for i in FAILED_ENTRY_REGEX_RANGE: |
| | | 40 | FAILED_ENTRY_REGEX_MAP[i] = rx |
| | | 41 | |
| | | 42 | |
| | | 43 | -SUCCESSFUL_ENTRY_REGEX = re.compile(r"""Accepted (?P<method>.*) for (?P<user>.*?) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") |
| | | 44 | +SUCCESSFUL_ENTRY_REGEX = re.compile(r"""Accepted (?P<method>\S+) for (?P<user>.*?) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""") |
13 | | | 45 | |
14 | FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") | | 46 | TIME_SPEC_REGEX = re.compile(r"""(?P<units>\d*)\s*(?P<period>[smhdwy])?""") |
15 | | | 47 | |