Fail2ban python regex issue
pathiaki2
pathiaki2 at yahoo.com
Sun Jul 24 17:08:25 UTC 2016
I solved it with a much less selective line:
^%(__prefix_line)sauth: ldap\(\S*,<HOST>\): unknown user
It grabs the correct lines and bans the correct IPs now.
Thank you for making me think 'simpler'.
P.
On 07/24/2016 11:55, RW via freebsd-questions wrote:
> On Sat, 23 Jul 2016 17:06:53 -0400
> pathiaki2 via freebsd-questions wrote:
>
>> Hi,
>>
>> I'm extending fail2ban to catch things on FreeBSD.
>> ...
>> Jul 23 00:02:48 <machine FQDN> dovecot: auth:
>> ldap(valeria,91.200.12.148): unknown user (SHA1 of given password:
>> e557ee1b78fd6978af5ea1f614597f79dc13c40e)
>>
>> I'm trying this:
>>
>> ^%(__prefix_line)s(: auth: ldap\(\S+,<HOST>\):) unknown user\s*$
>>
>> What am I missing? There's no error with the interpreter, it's just
>> not matching the line.
> I don't use fail2ban, so I may have misunderstood something, but the
> obvious answer is that the "\s*$" on the end of the regex shouldn't be
> there.
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions
mailing list