Date:      Sun, 24 Jul 2016 13:08:21 -0400
From:      pathiaki2 <pathiaki2@yahoo.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Fail2ban python regex issue
Message-ID:  <1e97441f-a33e-b791-a07f-6a7b4a9af0c0@yahoo.com>
In-Reply-To: <20160724165545.0e784017@gumby.homeunix.com>
References:  <1b35e652-1540-6eb3-9a6e-47a0cf4ce97a@yahoo.com> <20160724165545.0e784017@gumby.homeunix.com>

I solved it with a much less selective line:


             ^%(__prefix_line)sauth: ldap\(\S*,<HOST>\): unknown user

It grabs the correct lines and bans the correct IPs now.

Thank you for making me think 'simpler'.

P.

On 07/24/2016 11:55, RW via freebsd-questions wrote:
> On Sat, 23 Jul 2016 17:06:53 -0400
> pathiaki2 via freebsd-questions wrote:
>
>> Hi,
>>
>> I'm extending fail2ban to catch things on FreeBSD.
>> ...
>> Jul 23 00:02:48 <machine FQDN> dovecot: auth:
>> ldap(valeria,91.200.12.148): unknown user (SHA1 of given password:
>> e557ee1b78fd6978af5ea1f614597f79dc13c40e)
>>
>> I'm trying this:
>>
>> ^%(__prefix_line)s(: auth: ldap\(\S+,<HOST>\):) unknown user\s*$
>>
>> What am I missing?  There's no error with the interpreter, it's just
>> not matching the line.
> I don't use fail2ban, so I may have misunderstood something, but the
> obvious answer is that the "\s*$" on the end of the regex shouldn't be
> there.
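
Added example, not part of the original thread: a Python check of the patterns quoted above against the reported log line, showing that a trailing `\s*$` rejects the line because dovecot appends the "(SHA1 of given password: ...)" text after "unknown user". `PREFIX` and `HOST` are simplified stand-ins assumed here for fail2ban's `%(__prefix_line)s` and `<HOST>` substitutions, and the hostname `mail.example.org` and the `BARE` and `OTHER` lines are constructed.

```python
import re

# Assumed, simplified stand-ins for fail2ban's substitutions; the real
# __prefix_line and <HOST> expansions are more elaborate than these.
PREFIX = r"(?:\S+ )?\S+: "                       # optional hostname, then "daemon: "
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"      # IPv4 only

ORIGINAL = r"^%(__prefix_line)s(: auth: ldap\(\S+,<HOST>\):) unknown user\s*$"
FIXED = r"^%(__prefix_line)sauth: ldap\(\S*,<HOST>\): unknown user"
FIXED_ANCHORED = FIXED + r"\s*$"                 # FIXED with the trailing anchor put back

# Constructed sample lines; "mail.example.org" stands in for the elided FQDN.
REPORTED = ("Jul 23 00:02:48 mail.example.org dovecot: auth: "
            "ldap(valeria,91.200.12.148): unknown user (SHA1 of given password: "
            "e557ee1b78fd6978af5ea1f614597f79dc13c40e)")
BARE = "Jul 23 00:02:49 mail.example.org dovecot: auth: ldap(bob,192.0.2.7): unknown user"
OTHER = "Jul 23 00:02:50 mail.example.org dovecot: imap-login: Login: user=<bob>, rip=192.0.2.7"


def expand(failregex):
    """Substitute the stand-ins into a failregex and compile it."""
    return re.compile(failregex.replace("%(__prefix_line)s", PREFIX).replace("<HOST>", HOST))


def banned_host(failregex, line):
    """Return the address the filter would act on, or None if the line is ignored."""
    # The leading syslog timestamp is removed before matching (assumed here,
    # since the patterns start with ^ directly at the prefix).
    message = re.sub(r"^\w{3} +\d+ \d\d:\d\d:\d\d ", "", line)
    match = expand(failregex).search(message)
    return match.group("host") if match else None


if __name__ == "__main__":
    for name, rx in (("original", ORIGINAL), ("fixed", FIXED), ("fixed + \\s*$", FIXED_ANCHORED)):
        for label, line in (("reported", REPORTED), ("bare", BARE), ("other", OTHER)):
            print(f"{name:14} {label:9} -> {banned_host(rx, line)}")
```

To test a filter against fail2ban's real expansions rather than these stand-ins, run the `fail2ban-regex` tool that ships with fail2ban on a sample of the actual log.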



