Almalinux 10, sshd daemon and logfile

[rasskazov]

I installed csf on Almalinux 10.
It does not block when entering an incorrect username/password.
The problem is that the sshd daemon has changed the format of the entry in the /var/log/secure log file.
In Almalinux 8/9, the daemon was called

Code: Select all

sshd[2084920]:pam_unix(sshd:auth): authentication failure

In the 10th version,

Code: Select all

sshd-session[10741]: pam_unix(sshd:auth): authentication failure

Perhaps this is the reason for the lack of blocking.

How can I force a parser with REGEX to process sshd-session instead of sshd?

[rasskazov]

I figured out the problem.
In the file:
/usr/local/csf/lib/ConfigServer/RegexMain.pm
Between (\S+ )? and \[\d+\]:
Replaced sshd with sshd-session

[marcele]

You should know that Redhat is likely to remove ipset and iptables in the future. Right now you get these warnings on the console:

Unmaintained driver is detected: ipset
Unmaintained driver is detected: ip_tables

More information:
https://access.redhat.com/solutions/6739041

Does anyone know if chirpy is working on upgrading csf to not use ipset and iptables now that they have been deprecated? I can help out with testing if you need volunteers.