Thanks for creating CrowdSec. I am currently playing around with its capabilities.
I hardened my SSH server so that it only accepts connections from specific users, defined in the sshd_config AllowUsers directive. From my perspective, anyone trying to log into my SSH server with any user not included in the AllowUsers list is brute forcing.
A regular log line for this attack on my Debian machine looks like this:
2023-11-14T00:20:42.738197+01:00 myserver sshd[1112652]: User root from 180.101.xxx.xxx not allowed because not listed in AllowUsers
Using cscli explain --type sshd on the log line returns this:
line: 2023-11-14T00:20:42.738197+01:00 myserver sshd[1112652]: User root from 180.101.xxx.xxx not allowed because not listed in AllowUsers
├ s00-raw
| ├ 🟢 crowdsecurity/non-syslog (+5 ~8)
| └ 🔴 crowdsecurity/syslog-logs
├ s01-parse
| ├ 🔴 crowdsecurity/nginx-logs
| └ 🔴 crowdsecurity/sshd-logs
└-------- parser failure 🔴
Would it be possible to add this case to the parser?
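The extraction this request asks for, sketched in Python as an added example; it is not CrowdSec's parser and not code from this issue. The function names, the threshold of 3, the captured `reason` field and the sample lines (documentation IP ranges) are assumptions.

```python
import re
from collections import Counter

# Header layout of the issue's log line: RFC 3339 timestamp, host, program[pid]: message
HEADER = re.compile(
    r"^(?P<timestamp>\S+) (?P<host>\S+) (?P<program>[\w./-]+)\[(?P<pid>\d+)\]: (?P<message>.*)$"
)
# Message text from the issue. Capturing the reason instead of hard-coding
# "not listed in AllowUsers" is an assumption made for this example.
NOT_ALLOWED = re.compile(
    r"^User (?P<user>\S+) from (?P<source_ip>\S+) not allowed because (?P<reason>.+)$"
)

# Constructed sample input, not data from the issue.
SAMPLE_LOG = [
    "2023-11-14T00:20:42.738197+01:00 myserver sshd[1112652]: User root from 203.0.113.7 not allowed because not listed in AllowUsers",
    "2023-11-14T00:20:44.101200+01:00 myserver sshd[1112660]: User admin from 203.0.113.7 not allowed because not listed in AllowUsers",
    "2023-11-14T00:20:46.553010+01:00 myserver sshd[1112671]: User oracle from 203.0.113.7 not allowed because not listed in AllowUsers",
    "2023-11-14T00:21:02.000100+01:00 myserver sshd[1112680]: Accepted publickey for alice from 198.51.100.20 port 50022 ssh2",
    "2023-11-14T00:21:05.000200+01:00 myserver CRON[4242]: User root from 203.0.113.7 not allowed because not listed in AllowUsers",
    "2023-11-14T00:21:09.000300+01:00 myserver sshd[1112690]: User root from 198.51.100.99 not allowed because not listed in AllowUsers",
]


def parse_line(line):
    """Return the extracted fields for a rejected-user sshd line, else None."""
    header = HEADER.match(line.strip())
    if header is None or header["program"] != "sshd":
        return None  # not syslog-shaped, or not written by sshd
    rejected = NOT_ALLOWED.match(header["message"])
    if rejected is None:
        return None  # some other sshd message
    return {"timestamp": header["timestamp"], "host": header["host"],
            **rejected.groupdict()}


def offenders(lines, threshold=3):
    """Source addresses with at least `threshold` rejected-user attempts."""
    hits = Counter(e["source_ip"] for e in map(parse_line, lines) if e)
    return {ip: n for ip, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    for entry in filter(None, map(parse_line, SAMPLE_LOG)):
        print(entry)
    print(offenders(SAMPLE_LOG))
```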
Check Releases to make sure your agent is on the latest version.
Details
I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.
@d-Rickyy-b: There is no 'kind' label on this issue. You need a 'kind' label to start the triage process.
/kind feature
/kind enhancement
/kind bug
/kind packaging