Thread: Need help to make a Fail2Ban regex

  1. #1
    Join Date
    Sep 2013
    Beans
    14

    Need help to make a Fail2Ban regex

    Hello. I need to configure Fail2Ban to ban when the following entries appear in the log:

    [I YY-MM-DD HH:MM:SS] <IP>:<PORT>-[] USER '<USERNAME>' failed login.

    But I'm confused as to how Fail2Ban regexes work. Apparently, they're extended in some way. I tried to write one, but they refuse to work. Can anyone help?

  2. #2
    Join Date
    Aug 2009
    Beans
    Hidden!

    Re: Need help to make a Fail2Ban regex

    Quote Originally Posted by Nil_Pointer
    I tried to write one, but they refuse to work. Can anyone help?
    To help us help you efficiently it's better if you post the regex you tried and the way you tested it (see 'man fail2ban-regex'?).

  3. #3
    Join Date
    Sep 2013
    Beans
    14

    Re: Need help to make a Fail2Ban regex

    Well, I've decided to use SFTP instead of an FTP server, and therefore I don't need to match those auth fails anymore.

    As for regexes... I didn't save them and tested them with fail2ban-regex. If I understand correctly, timestamps must be matched somewhere else (I had an error, where it said something about "no valid date/time found"). If I had to write a standard regex to match the entire string, it'd be easy. But those seem to be extended, I don't know where to write the timestamp-matching regex and I was unable to find adequate docs.

  4. #4
    Join Date
    Aug 2009
    Beans
    Hidden!

    Re: Need help to make a Fail2Ban regex

    Quote Originally Posted by Nil_Pointer
    As for regexes... I didn't save them and tested them with fail2ban-regex.
    That would be the obvious and preferred way to test them.


    Quote Originally Posted by Nil_Pointer
    If I understand correctly, timestamps must be matched somewhere else (I had an error, where it said something about "no valid date/time found"). If I had to write a standard regex to match the entire string, it'd be easy. But those seem to be extended, I don't know where to write the timestamp-matching regex and I was unable to find adequate docs.
    Date formats are listed in datedetector.py.
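
Added example (not part of the thread, and not Fail2Ban's own code): a Python model of the two steps discussed above, where the date detector first cuts the timestamp out of the line and the failregex, with `<HOST>` expanded, is then applied to what remains. The date pattern, the simplified IPv4-only `<HOST>` expansion, both regexes and the sample log lines are constructed assumptions.

```python
import re

# Assumption: simplified IPv4-only stand-in for Fail2Ban's <HOST> tag
# (the real expansion also accepts hostnames and IPv6 addresses).
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Assumption: pattern for the "YY-MM-DD HH:MM:SS" stamp from post #1.
# In Fail2Ban this is the date detector's job, not the failregex's.
DATE_RE = re.compile(r"\d{2}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")

# Hypothetical failregex, written for the line with the timestamp removed.
# Anchored, with <HOST> ahead of the client-supplied username, so text
# inside the quotes cannot supply the address that gets banned.
FAILREGEX = r"^\[I \] <HOST>:\d+-\[\] USER '.*' failed login\.$"

# A regex that also tries to match the timestamp itself, for comparison.
FULL_LINE_REGEX = (r"^\[I \d{2}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\] "
                   r"<HOST>:\d+-\[\] USER '.*' failed login\.$")

# Constructed sample lines (documentation address ranges).
SAMPLE = "[I 13-09-20 12:00:00] 203.0.113.7:50123-[] USER 'bob' failed login."
SPOOF = ("[I 13-09-20 12:00:05] 203.0.113.7:50124-[] "
         "USER '198.51.100.9:1-[] USER 'x' failed login.")


def find_failure(line, failregex=FAILREGEX):
    """Return the host a failregex would report for one log line, or None."""
    stamp = DATE_RE.search(line)
    if stamp is None:
        # Simplification: without a recognised timestamp, report no failure.
        return None
    # The matched timestamp is removed before the failregex is applied.
    log_part = line[:stamp.start()] + line[stamp.end():]
    match = re.search(failregex.replace("<HOST>", HOST_GROUP), log_part)
    return match.group("host") if match else None


if __name__ == "__main__":
    print(find_failure(SAMPLE))                   # timestamp-free regex
    print(find_failure(SAMPLE, FULL_LINE_REGEX))  # regex that includes the date
    print(find_failure(SPOOF))                    # username carrying a fake peer
```

The same check against a real log file is what `fail2ban-regex`, mentioned in the thread, performs.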
