1.3.1
- #35: Updated the default configuration file to reflect new Source and Data values for Cygwin sshd and Windows sshd.
- You should update your `configuration.json` file if you use Fail2Ban4Win with OpenSSH sshd distributed by Cygwin or Microsoft.
- To update an existing Fail2Ban4Win installation, you need to manually copy the following objects to the `eventLogSelectors` array in `configuration.json`, replacing the existing objects that have the same `logName` and `source`. Fail2Ban4Win won't modify this file automatically, to avoid overwriting your customized configuration.

```json
{
    "logName": "Application",
    "source": "sshd-session",
    "eventId": 0,
    "ipAddressPattern": "^sshd-session: PID \\d+: Failed password for(?: invalid user)? .+ from (?<ipAddress>(?:\\d{1,3}\\.){3}\\d{1,3}) port \\d{1,5} ssh\\d?$"
},
{
    "logName": "OpenSSH/Operational",
    "eventId": 4,
    "ipAddressEventDataName": "payload",
    "ipAddressPattern": "^(?:sshd: )?Failed password for(?: invalid user)? .+ from (?<ipAddress>(?:\\d{1,3}\\.){3}\\d{1,3}) port \\d{1,5} ssh\\d?$"
},
{
    "logName": "OpenSSH/Operational",
    "eventId": 4,
    "ipAddressEventDataName": "payload",
    "ipAddressPattern": "^(?:sshd: )?Invalid user .+ from (?<ipAddress>(?:\\d{1,3}\\.){3}\\d{1,3}) port \\d{1,5}$"
}
```

- Cygwin sshd gained an additional selector for the `sshd-session` source (the first object above).
- The two existing Windows sshd selectors had their `ipAddressPattern` values modified by adding a leading `(?:sshd: )?` (the second and third objects above).
- Thank you @Eno77 for noticing and raising this issue.
- You should update your
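
The effect of the leading `(?:sshd: )?` on the two Windows sshd selectors can be checked before relying on an updated `configuration.json`. The PowerShell below is an added example, not part of Fail2Ban4Win: the sample payloads are constructed, `Get-MatchedAddress` is a hypothetical helper, and the pre-1.3.1 patterns are derived by removing that prefix, as the release note describes.

```powershell
# Added example: compares the 1.3.1 Windows sshd patterns with their pre-1.3.1 form.
# The JSON is pasted as it appears in configuration.json (backslashes doubled).
$selectors = @'
[
  { "logName": "OpenSSH/Operational", "eventId": 4, "ipAddressEventDataName": "payload",
    "ipAddressPattern": "^(?:sshd: )?Failed password for(?: invalid user)? .+ from (?<ipAddress>(?:\\d{1,3}\\.){3}\\d{1,3}) port \\d{1,5} ssh\\d?$" },
  { "logName": "OpenSSH/Operational", "eventId": 4, "ipAddressEventDataName": "payload",
    "ipAddressPattern": "^(?:sshd: )?Invalid user .+ from (?<ipAddress>(?:\\d{1,3}\\.){3}\\d{1,3}) port \\d{1,5}$" }
]
'@ | ConvertFrom-Json

# Constructed payload strings (documentation-range IPs), not captured from a real host.
$samples = @(
    'sshd: Failed password for root from 198.51.100.23 port 40022 ssh2',
    'Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2',
    'sshd: Invalid user test from 192.0.2.55 port 60111',
    'Accepted password for alice from 192.0.2.10 port 50000 ssh2'
)

# Hypothetical helper: returns the IP captured by the first matching pattern, else $null.
function Get-MatchedAddress {
    param([string]$Message, [string[]]$Patterns)
    foreach ($p in $Patterns) {
        $m = [regex]::Match($Message, $p)
        if ($m.Success) { return $m.Groups['ipAddress'].Value }
    }
    return $null
}

$new = @($selectors | ForEach-Object { $_.ipAddressPattern })
# Pre-1.3.1 form: the same strings without the leading (?:sshd: )? group.
$old = @($new | ForEach-Object { $_.Replace('(?:sshd: )?', '') })

$samples | ForEach-Object {
    [pscustomobject]@{
        Message    = $_
        NewPattern = Get-MatchedAddress -Message $_ -Patterns $new
        OldPattern = Get-MatchedAddress -Message $_ -Patterns $old
    }
} | Format-Table -AutoSize -Wrap
```

A row with an address under `NewPattern` but nothing under `OldPattern` is a failed login that a configuration still carrying the old selectors would not count toward a ban.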