From: Maurizio C. <mau...@ca...> - 2024-05-20 14:11:49

It's mostly important that I understood the syntax, so I found the development documentation from version 0.9, so here it's an overview of the right syntax.

One syntax isn't important; the global perspective is the better road.

Thanks

Sent from my iPhone

> On 20.05.2024 at 14:55, Nick Howitt via Fail2ban-users <fai...@li...> wrote:
>
> You also need to give us a bit more help, like examples of the failed log you are trying to match.
>
> BTW, why try to match a port with \w+ and not \d+? And why \w+?.
>
> On 20/05/2024 13:36, Arturo 'Buanzo' Busleiman wrote:
>
>> It would seem that you need to learn more regex before attempting to write fail2ban custom filters. It is in fact a common syntax. You just need to read about the particulars.
>>
>> Please use fail2ban-regex command to test and learn.
>>
>> Bye!
>>
>> On Mon, May 20, 2024, 09:28 Maurizio Caloro <mau...@ca...> wrote:
>>
>>> Yes, thanks, yes that's true
>>>
>>> - «.\[<HOST>\]:\ »
>>>
>>> but when I add this, for example, to pyrex, this didn't match.
>>>
>>> So it's not possible to find any «regexeditor» that matches with fail2ban so that I can simulate this?
>>>
>>> This also is a valid string; this matches on «Regex101 python» but not with fail2ban
>>>
>>> - :\w+:\w+-\w+\w+\w+\w+\[<HOST>\]:\w+?w+?1.1
>>>
>>> Sorry, I have not yet understood which editor I can use for sim, or is fail2ban a separate unique regex interpreter?
>>>
>>> Thanks for the update
>>>
>>> From: Nick Howitt via Fail2ban-users <fai...@li...>
>>> Sent: Monday, 20 May 2024 13:53
>>> To: fai...@li...
>>> Subject: Re: [Fail2ban-users] Fail2ban V1.1.0 from Github - question Regex
>>>
>>> Surely you need a <HOST> variable in that for f2b to work. Something like:
>>>
>>> NON-SMTP COMMAND from.\[<HOST>\]:\d+ after CONNECT:.GET./.HTTP/1.1
>>>
>>> Normally you'd also expect some sort of timestamp in the logs.
>>>
>>> On 20/05/2024 12:37, Maurizio Caloro via Fail2ban-users wrote:
>>>
>>>> Thanks for your answer
>>>>
>>>> Please, after generating this syntax, no chance to include this in Fail2ban.
>>>>
>>>> From 4389 found 0 hits
>>>>
>>>> [Appl PyRex]
>>>>
>>>> NON-SMTP COMMAND from.\[+.............\]:......after CONNECT:.GET./.HTTP/1.1
>>>>
>>>> NON-SMTP COMMAND from [64.62.197.214]:13465 after CONNECT: GET / HTTP/1.1
>>>>
>>>> But what is wrong here?
>>>>
>>>> thanks
>>>>
>>>> From: Arturo 'Buanzo' Busleiman <bu...@bu...>
>>>> Sent: Monday, 20 May 2024 12:47
>>>> To: mau...@ca...
>>>> Cc: Fail 2 Ban <Fai...@li...>
>>>> Subject: Re: [Fail2ban-users] Fail2ban V1.1.0 from Github - question Regex
>>>>
>>>> Use pyrex or any python compatible one. Also be mindful of interpreting the filter definitions in filter.d and using fail2ban-regex as testing ground.
>>>>
>>>> On Mon, May 20, 2024, 07:21 Maurizio Caloro via Fail2ban-users <fai...@li...> wrote:
>>>>
>>>>> Hello
>>>>>
>>>>> Please, I think version 1.1.0 is the newest version of Fail2ban?
>>>>>
>>>>> Does this now support full regex? I see many times that I puzzle out my syntax on regex101, and after implementing this on the live system, this will always be chane.
>>>>>
>>>>> So this question, about regex compatibilities?
>>>>>
>>>>> Thanks
>>>>>
>>>>> _______________________________________________
>>>>> Fail2ban-users mailing list
>>>>> Fai...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users

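
Added example (not part of any message in this thread, and not fail2ban's own code): fail2ban replaces the `<HOST>` tag with a capturing group before it compiles a failregex, which a generic Python regex tester does not do. The sketch below applies the two expressions quoted in the thread both ways; `HOST_STANDIN`, `expand_host` and `check` are hypothetical names, the stand-in group is a simplified assumption for that substitution, and the second log line is constructed.

```python
import re
from typing import NamedTuple, Optional

HOST_TAG = "<HOST>"

# Assumption: simplified stand-in for what fail2ban substitutes for <HOST>
# (IPv4 address or hostname only; the real expression covers more cases).
HOST_STANDIN = r"(?P<host>(?:\d{1,3}\.){3}\d{1,3}|[\w.-]+)"

# Expressions exactly as posted in the thread.
PYREX_ATTEMPT = r"NON-SMTP COMMAND from.\[+.............\]:......after CONNECT:.GET./.HTTP/1.1"
SUGGESTED = r"NON-SMTP COMMAND from.\[<HOST>\]:\d+ after CONNECT:.GET./.HTTP/1.1"

LINES = [
    # Log line quoted in the thread (posted without a timestamp).
    "NON-SMTP COMMAND from [64.62.197.214]:13465 after CONNECT: GET / HTTP/1.1",
    # Constructed line: shorter address (documentation range) and shorter port.
    "NON-SMTP COMMAND from [192.0.2.7]:443 after CONNECT: GET / HTTP/1.1",
]


class Verdict(NamedTuple):
    tester_match: bool    # pattern pasted unchanged into a plain regex tester
    expanded_match: bool  # pattern after <HOST> became a capturing group
    host: Optional[str]   # address available for banning, if any


def expand_host(failregex: str) -> str:
    """Replace the <HOST> tag with the stand-in capturing group."""
    return failregex.replace(HOST_TAG, HOST_STANDIN)


def check(failregex: str, line: str) -> Verdict:
    """Evaluate one expression the way a tester would and with <HOST> expanded."""
    # In a plain tester "<HOST>" is just six literal characters.
    tester = re.search(failregex, line) is not None
    match = re.search(expand_host(failregex), line)
    host = match.groupdict().get("host") if match else None
    return Verdict(tester, match is not None, host)


def explain(verdict: Verdict) -> str:
    """Turn a verdict into a one-line diagnosis."""
    if verdict.expanded_match and verdict.host:
        return f"usable: host {verdict.host} captured"
    if verdict.expanded_match:
        return "matches the text but captures no host, so there is nothing to ban"
    return "no match"


if __name__ == "__main__":
    for name, rx in (("PyRex attempt", PYREX_ATTEMPT), ("suggested", SUGGESTED)):
        for line in LINES:
            v = check(rx, line)
            print(f"{name:14} tester={v.tester_match!s:5} -> {explain(v)}")
            print(f"{'':14} {line}")
```

The fixed-width dots in the first expression only fit a 13-character address followed by a 5-digit port, and it has no host group at all; the `<HOST>` version fails in a plain tester yet matches once the tag is expanded. On a real log, `fail2ban-regex <logfile> '<failregex>'` performs the actual substitution and date handling.
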
From: Arturo 'B. B. <bu...@bu...> - 2024-05-20 14:30:21

No, it might not be important, but considering the very focused problem you are trying to solve... specificity is required.

On Mon, 20 May 2024 at 11:19, Maurizio Caloro via Fail2ban-users <fai...@li...> wrote:

> It's mostly important that I understood the syntax, so I found the development documentation from version 0.9, so here it's an overview of the right syntax.
>
> One syntax isn't important; the global perspective is the better road.
>
> Thanks
>
> Sent from my iPhone

From: Maurizio C. <mau...@ca...> - 2024-05-20 14:40:56

> On 20.05.2024 at 16:30, Arturo 'Buanzo' Busleiman <bu...@bu...> wrote:
>
> No, it might not be important, but considering the very focused problem you are trying to solve... specificity is required.

That’s not a problem, that was only a try for a shorter solution „abbreviation“ but without impact.

But with Python I have the possibility to sim this, or only with fail2ban-regex.

I think that I have enough, like this mentioned paper and the folder „filter.d“ as example.

Thanks

From: Arturo 'B. B. <bu...@bu...> - 2024-05-20 14:42:52

fail2ban-regex is what you need to use... trust me on this, I have a bit of experience with fail2ban.

XD

On Mon, May 20, 2024, 11:41 Maurizio Caloro <mau...@ca...> wrote:

> On 20.05.2024 at 16:30, Arturo 'Buanzo' Busleiman <bu...@bu...> wrote:
>
>> No, it might not be important, but considering the very focused problem you are trying to solve... specificity is required.
>
> That’s not a problem, that was only a try for a shorter solution „abbreviation“ but without impact.
>
> But with Python I have the possibility to sim this, or only with fail2ban-regex.
>
> I think that I have enough, like this mentioned paper and the folder „filter.d“ as example.
>
> Thanks

From: Maurizio C. <mau...@ca...> - 2024-05-20 14:59:46
|
<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div dir="ltr"><br></div><div dir="ltr"><br><blockquote type="cite">On 20.05.2024 at 16:42, Arturo 'Buanzo' Busleiman <bu...@bu...> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><div dir="auto">fail2ban-regex is what you need to use... trust me on this, I have a bit of experience with fail2ban.<div dir="auto"><br></div></div></div></blockquote><div><br></div>That's not a problem, I trust you!<div><br></div><div>Thanks for this good conversation!<br><div>Regards</div><div>M</div><div><br><blockquote type="cite"><div dir="ltr"><div dir="auto"><div dir="auto">XD</div><div dir="auto"><br></div><div dir="auto"><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, May 20, 2024, 11:41 Maurizio Caloro <<a href="mailto:mau...@ca...">mau...@ca...</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><div dir="ltr"><br></div><div dir="ltr"><br><blockquote type="cite">On 20.05.2024 at 16:30, Arturo 'Buanzo' Busleiman <<a href="mailto:bu...@bu..." target="_blank" rel="noreferrer">bu...@bu...</a>> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><div dir="ltr">No, it might not be important, but considering the very focused problem you are trying to solve... 
specificity is required.<div><br></div></div></div></blockquote><div><br></div>That’s not a problem, that was only a try for a shorter solution „abbreviation“ but without impact.<div><br></div><div>But with python i have the possibilities to sim this, or only with fail2ban-regex.<br><div><br></div><div>I think that i have enough, like this mentoined paper and the folder „filter.d“ as example.</div><div><br></div><div>Thanks</div><div><blockquote type="cite"><div dir="ltr"><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, 20 May 2024 at 11:19, Maurizio Caloro via Fail2ban-users <<a href="mailto:fai...@li..." target="_blank" rel="noreferrer">fai...@li...</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto"><div dir="ltr">Its mostly important that i understod the Syntax, so i found the devlopment documentation from version 0.9. so here it’s a overview of the right syntax.<div><br></div><div>One syntax arn‘t important, the global perspective are the better road.</div><div><br></div><div>Thanks</div><div><br id="m_-5702245819063257972m_-3142848838625252518lineBreakAtBeginningOfSignature"><div dir="ltr">Von meinem iPhone gesendet</div><div dir="ltr"><br><blockquote type="cite">Am 20.05.2024 um 14:55 schrieb Nick Howitt via Fail2ban-users <<a href="mailto:fai...@li..." target="_blank" rel="noreferrer">fai...@li...</a>>:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"> You also need to give us a bit more help, like examples of the failed log you are trying to match.<br> <br> BTW, why try to match a port with \w+ and not \d+? And why \w+?.<br> <br> <div>On 20/05/2024 13:36, Arturo 'Buanzo' Busleiman wrote:<br> </div> <blockquote type="cite"> <div dir="auto">It would seem that you need to learn more regex before attempting to write fail2ban custom filters. It is in fact a common syntax. You just need to read about the particulars. 
<div dir="auto"><br> </div> <div dir="auto">Please use fail2ban-regex command to test and learn.</div> <div dir="auto"><br> </div> <div dir="auto">Bye!</div> </div> <br> <div class="gmail_quote"> <div dir="ltr" class="gmail_attr">On Mon, May 20, 2024, 09:28 Maurizio Caloro <<a href="mailto:mau...@ca..." target="_blank" rel="noreferrer">mau...@ca...</a>> wrote:<br> </div> <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> <div lang="DE-CH"> <div> <p class="MsoNormal"><span style="font-size:11pt">Yes, thanks, yes that's true</span></p> <ul style="margin-top:0cm" type="disc"> <li style="margin-left:17.4pt"><span style="font-size:11pt">«.\[<HOST>\]:\ »</span></li> </ul> <p class="MsoNormal"><span style="font-size:11pt">but when I add this, for example, to pyrex, this didn't match.</span></p> <p class="MsoNormal"><span style="font-size:11pt"> </span></p> <p class="MsoNormal"><span style="font-size:11pt">So it's not possible to find any «regexeditor» that matches with fail2ban so that I can simulate this?</span></p> <p class="MsoNormal"><span style="font-size:11pt" lang="FR-CH">This also is a valid string; this matches on « Regex101 python » but not with fail2ban</span></p> <ul style="margin-top:0cm" type="disc"> <li style="margin-left:17.4pt"><span style="font-size:11pt">:\w+:\w+-\w+\w+\w+\w+\[<HOST>\]:\w+?w+?1.1</span></li> </ul> <p class="MsoNormal"><span style="font-size:11pt"> </span></p> <p class="MsoNormal"><span style="font-size:11pt">Sorry, I have not yet understood which editor I can use for sim, or is fail2ban a separate unique regex interpreter?</span></p> <p class="MsoNormal"><span style="font-size:11pt">Thanks for the update</span></p> <p class="MsoNormal"><span style="font-size:11pt"> </span></p> <div> <div style="border-right:none;border-bottom:none;border-left:none;border-top:1pt solid rgb(225,225,225);padding:3pt 0cm 0cm"> <p class="MsoNormal"><b><span
style="font-size:11pt;font-family:Calibri,sans-serif" lang="DE">From:</span></b><span style="font-size:11pt;font-family:Calibri,sans-serif" lang="DE"> Nick Howitt via Fail2ban-users <<a href="mailto:fai...@li..." rel="noreferrer noreferrer" target="_blank">fai...@li...</a>> <br> <b>Sent:</b> Monday, 20 May 2024 13:53<br> <b>To:</b> <a href="mailto:fai...@li..." rel="noreferrer noreferrer" target="_blank">fai...@li...</a><br> <b>Subject:</b> Re: [Fail2ban-users] Fail2ban V1.1.0 from Github - question Regex</span></p> </div> </div> <p class="MsoNormal"> </p> <p class="MsoNormal" style="margin-bottom:12pt">Surely you need a <HOST> variable in that for f2b to work. Something like:<br> <br> <span lang="FR-CH">NON-SMTP COMMAND from.\[<HOST>\]:\d+ after CONNECT:.GET./.HTTP/1.1</span><br> <br> Normally you'd also expect some sort of timestamp in the logs.</p> <div> <p class="MsoNormal">On 20/05/2024 12:37, Maurizio Caloro via Fail2ban-users wrote:</p> </div> <blockquote style="margin-top:5pt;margin-bottom:5pt"> <p class="MsoNormal"><span style="font-size:11pt">Thanks for your answer</span></p> <p class="MsoNormal"><span style="font-size:11pt"> </span></p> <p class="MsoNormal"><span style="font-size:11pt">Please, after generating this syntax, no chance to include this in Fail2ban.</span></p> <p class="MsoNormal"><span style="font-size:11pt">From 4389 found 0 hits</span></p> <p class="MsoNormal"><span style="font-size:11pt"> </span></p> <p class="MsoNormal"><span style="font-size:11pt" lang="FR-CH">[Appl PyRex]</span></p> <p class="MsoNormal"><span lang="FR-CH">NON-SMTP COMMAND from.\[+.............\]:......after CONNECT:.GET./.HTTP/1.1</span></p> <p class="MsoNormal"><span style="color:black;background:rgb(198,227,255)" lang="FR-CH">NON-SMTP COMMAND from [64.62.197.214]:13465 after CONNECT: GET / HTTP/1.1</span></p> <p class="MsoNormal"><span style="color:black;background:rgb(198,227,255)" lang="FR-CH"> </span></p> <p class="MsoNormal"><span style="font-size:11pt">But
what is wrong here?</span></p> <p class="MsoNormal"><span style="font-size:11pt">thanks</span></p> <p class="MsoNormal"><span style="font-size:11pt"> </span></p> <div style="border-right:none;border-bottom:none;border-left:none;border-top:1pt solid rgb(225,225,225);padding:3pt 0cm 0cm"> <p class="MsoNormal"><b><span style="font-size:11pt;font-family:Calibri,sans-serif" lang="DE">From:</span></b><span style="font-size:11pt;font-family:Calibri,sans-serif" lang="DE"> Arturo 'Buanzo' Busleiman <a href="mailto:bu...@bu..." rel="noreferrer noreferrer" target="_blank"><<span style="font-size:12pt;font-family:Aptos,sans-serif;color:windowtext;text-decoration:none"> </span><span style="color:windowtext">bu...@bu...</span> ></a> <br> <b>Sent:</b> Monday, 20 May 2024 12:47<br> <b>To:</b> <a href="mailto:mau...@ca..." rel="noreferrer noreferrer" target="_blank">mau...@ca...</a><br> <b>Cc:</b> Fail 2 Ban <a href="mailto:Fai...@li..." rel="noreferrer noreferrer" target="_blank"><Fai...@li...></a><br> <b>Subject:</b> Re: [Fail2ban-users] Fail2ban V1.1.0 from Github - question Regex</span></p> </div> <p class="MsoNormal"> </p> <div> <p class="MsoNormal">Use pyrex or any python compatible one. Also be mindful of interpreting the filter definitions in filter.d and using fail2ban-regex as testing ground.</p> <div> <p class="MsoNormal"> </p> </div> <div> <p class="MsoNormal"> </p> </div> </div> <p class="MsoNormal"> </p> <div> <div> <p class="MsoNormal">On Mon, May 20, 2024, 07:21 Maurizio Caloro via Fail2ban-users <<a href="mailto:fai...@li..."
rel="noreferrer noreferrer" target="_blank">fai...@li...</a>> wrote:</p> </div> <blockquote style="border-top:none;border-right:none;border-bottom:none;border-left:1pt solid rgb(204,204,204);padding:0cm 0cm 0cm 6pt;margin:5pt 0cm 5pt 4.8pt"> <div> <div> <p class="MsoNormal"><span lang="DE">Hello</span></p> <p class="MsoNormal">Please, I think version 1.1.0 is the newest version of Fail2ban?</p> <p class="MsoNormal"> </p> <p class="MsoNormal"><span lang="FR-CH">Does this now support full regex? I see many times that I puzzle over my syntax on regex101 and after implementing</span></p> <p class="MsoNormal">this on the live system, this will be always chane.</p> <p class="MsoNormal"> </p> <p class="MsoNormal"><span lang="FR-CH">So this question, about regex compatibilities?</span></p> <p class="MsoNormal"><span lang="FR-CH">Thanks</span></p> </div> </div> <p class="MsoNormal">_______________________________________________<br> Fail2ban-users mailing list<br> <a href="mailto:Fai...@li..." rel="noreferrer noreferrer" target="_blank">Fai...@li...</a><br> <a href="https://lists.sourceforge.net/lists/listinfo/fail2ban-users" rel="noreferrer noreferrer" target="_blank">https://lists.sourceforge.net/lists/listinfo/fail2ban-users</a></p> </blockquote> </div> <p class="MsoNormal"><br> <br> <br> </p> <pre>_______________________________________________</pre> <pre>Fail2ban-users mailing list</pre> <pre><a href="mailto:Fai...@li..." rel="noreferrer noreferrer" target="_blank">Fai...@li...</a></pre> <pre><a href="https://lists.sourceforge.net/lists/listinfo/fail2ban-users" rel="noreferrer noreferrer" target="_blank">https://lists.sourceforge.net/lists/listinfo/fail2ban-users</a></pre> </blockquote> <p class="MsoNormal"> </p> </div> </div> </blockquote> </div> </blockquote> <br> <u></u><u></u> <span>_______________________________________________</span><br><span>Fail2ban-users mailing list</span><br><span><a href="mailto:Fai...@li..."
target="_blank" rel="noreferrer">Fai...@li...</a></span><br><span><a href="https://lists.sourceforge.net/lists/listinfo/fail2ban-users" target="_blank" rel="noreferrer">https://lists.sourceforge.net/lists/listinfo/fail2ban-users</a></span><br></div></blockquote></div></div></div>_______________________________________________<br> Fail2ban-users mailing list<br> <a href="mailto:Fai...@li..." target="_blank" rel="noreferrer">Fai...@li...</a><br> <a href="https://lists.sourceforge.net/lists/listinfo/fail2ban-users" rel="noreferrer noreferrer" target="_blank">https://lists.sourceforge.net/lists/listinfo/fail2ban-users</a><br> </blockquote></div> </div></blockquote></div></div></div></blockquote></div> </div></blockquote></div></div></body></html> |
From: Arturo 'B. B. <bu...@bu...> - 2024-05-20 15:04:02
|
At your service, my friend. Enjoy fail2ban. You will succeed in learning it and stopping evil;)

On Mon, May 20, 2024, 12:00 Maurizio Caloro <mau...@ca...> wrote:

> On 20.05.2024 at 16:42, Arturo 'Buanzo' Busleiman <bu...@bu...> wrote:
>
> fail2ban-regex is what you need to use... trust me on this, I have a bit
> of experience with fail2ban.
>
> That's not a problem, I trust you!
>
> Thanks for this good conversation!
> Regards
> M
>
> XD
>
> On Mon, May 20, 2024, 11:41 Maurizio Caloro <mau...@ca...> wrote:
>
>> On 20.05.2024 at 16:30, Arturo 'Buanzo' Busleiman <bu...@bu...> wrote:
>>
>> No, it might not be important, but considering the very focused problem
>> you are trying to solve... specificity is required.
>>
>> That’s not a problem, that was only a try for a shorter solution
>> „abbreviation“ but without impact.
>>
>> But with Python I have the possibilities to sim this, or only with
>> fail2ban-regex.
>>
>> I think that I have enough, like this mentioned paper and the folder
>> „filter.d“ as an example.
>>
>> Thanks
>>
>> On Mon, 20 May 2024 at 11:19, Maurizio Caloro via Fail2ban-users <fai...@li...> wrote:
>>
>>> It’s mostly important that I understood the syntax, so I found the
>>> development documentation from version 0.9, so here it’s an overview of the
>>> right syntax.
>>>
>>> One syntax isn’t important; the global perspective is the better road.
>>>
>>> Thanks
>>>
>>> Sent from my iPhone
>>>
>>> On 20.05.2024 at 14:55, Nick Howitt via Fail2ban-users <fai...@li...> wrote:
>>>
>>> You also need to give us a bit more help, like examples of the failed
>>> log you are trying to match.
>>>
>>> BTW, why try to match a port with \w+ and not \d+? And why \w+?.
>>>
>>> On 20/05/2024 13:36, Arturo 'Buanzo' Busleiman wrote:
>>>
>>> It would seem that you need to learn more regex before attempting to
>>> write fail2ban custom filters. It is in fact a common syntax. You just need
>>> to read about the particulars.
>>>
>>> Please use fail2ban-regex command to test and learn.
>>>
>>> Bye!
>>>
>>> On Mon, May 20, 2024, 09:28 Maurizio Caloro <mau...@ca...> wrote:
>>>
>>>> Yes, thanks, yes that's true
>>>>
>>>> - «.\[<HOST>\]:\ »
>>>>
>>>> but when I add this, for example, to pyrex, this didn't match.
>>>>
>>>> So it's not possible to find any «regexeditor» that matches with fail2ban
>>>> so that I can simulate this?
>>>>
>>>> This also is a valid string; this matches on « Regex101 python » but not
>>>> with fail2ban
>>>>
>>>> - :\w+:\w+-\w+\w+\w+\w+\[<HOST>\]:\w+?w+?1.1
>>>>
>>>> Sorry, I have not yet understood which editor I can use for sim, or is
>>>> fail2ban a separate unique regex interpreter?
>>>>
>>>> Thanks for the update
>>>>
>>>> *From:* Nick Howitt via Fail2ban-users <fai...@li...>
>>>> *Sent:* Monday, 20 May 2024 13:53
>>>> *To:* fai...@li...
>>>> *Subject:* Re: [Fail2ban-users] Fail2ban V1.1.0 from Github - question Regex
>>>>
>>>> Surely you need a <HOST> variable in that for f2b to work. Something
>>>> like:
>>>>
>>>> NON-SMTP COMMAND from.\[<HOST>\]:\d+ after CONNECT:.GET./.HTTP/1.1
>>>>
>>>> Normally you'd also expect some sort of timestamp in the logs.
>>>>
>>>> On 20/05/2024 12:37, Maurizio Caloro via Fail2ban-users wrote:
>>>>
>>>> Thanks for your answer
>>>>
>>>> Please, after generating this syntax, no chance to include this in
>>>> Fail2ban.
>>>>
>>>> From 4389 found 0 hits
>>>>
>>>> [Appl PyRex]
>>>>
>>>> NON-SMTP COMMAND from.\[+.............\]:......after CONNECT:.GET./.HTTP/1.1
>>>>
>>>> NON-SMTP COMMAND from [64.62.197.214]:13465 after CONNECT: GET / HTTP/1.1
>>>>
>>>> But what is wrong here?
>>>>
>>>> thanks
>>>>
>>>> *From:* Arturo 'Buanzo' Busleiman < bu...@bu... > <bu...@bu...>
>>>> *Sent:* Monday, 20 May 2024 12:47
>>>> *To:* mau...@ca...
>>>> *Cc:* Fail 2 Ban <Fai...@li...> <Fai...@li...>
>>>> *Subject:* Re: [Fail2ban-users] Fail2ban V1.1.0 from Github - question Regex
>>>>
>>>> Use pyrex or any python compatible one. Also be mindful of interpreting
>>>> the filter definitions in filter.d and using fail2ban-regex as testing
>>>> ground.
>>>>
>>>> On Mon, May 20, 2024, 07:21 Maurizio Caloro via Fail2ban-users <fai...@li...> wrote:
>>>>
>>>> Hello
>>>>
>>>> Please, I think version 1.1.0 is the newest version of Fail2ban?
>>>>
>>>> Does this now support full regex? I see many times that I puzzle over my
>>>> syntax on regex101 and after implementing
>>>>
>>>> this on the live system, this will be always chane.
>>>>
>>>> So this question, about regex compatibilities?
>>>>
>>>> Thanks
>>>>
>>>> _______________________________________________
>>>> Fail2ban-users mailing list
>>>> Fai...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>>>>
>>>> _______________________________________________
>>>> Fail2ban-users mailing list
>>>> Fai...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>>>>
>>>
>>> _______________________________________________
>>> Fail2ban-users mailing list
>>> Fai...@li...
>>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>>>
>>> _______________________________________________
>>> Fail2ban-users mailing list
>>> Fai...@li...
>>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>>>
>>
|
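Added illustration, not code from the thread or from the fail2ban project: a failregex is a Python `re` pattern in which `<HOST>` is replaced by a host-capturing group before compiling, so a pattern tried in a generic regex editor has to go through that substitution first. `HOST_GROUP` is a simplified stand-in for the real expansion, and `check`, `WORD_ONLY`, `NO_HOST` and `LINES` are hypothetical names; `fail2ban-regex`, as recommended in the thread, remains the authoritative test.

```python
import re

# Simplified stand-in for the group fail2ban substitutes for <HOST>
# (assumption: the real expansion is longer; this covers IPv4, IPv6, DNS names).
HOST_GROUP = (r"(?:(?P<ip4>(?:\d{1,3}\.){3}\d{1,3})"
              r"|(?P<ip6>[0-9A-Fa-f:]*:[0-9A-Fa-f:]+)"
              r"|(?P<dns>[\w\-.]*\w))")

# Failregex suggested in the thread, and the \w+ attempt quoted in the thread.
SUGGESTED = r"NON-SMTP COMMAND from.\[<HOST>\]:\d+ after CONNECT:.GET./.HTTP/1.1"
WORD_ONLY = r":\w+:\w+-\w+\w+\w+\w+\[<HOST>\]:\w+?w+?1.1"
# Constructed: matches in a generic regex editor, but names no host to ban.
NO_HOST = r"NON-SMTP COMMAND from.\[\S+\]:\d+ after CONNECT"

# The first line is the sample from the thread; the other two are constructed.
LINES = [
    "NON-SMTP COMMAND from [64.62.197.214]:13465 after CONNECT: GET / HTTP/1.1",
    "NON-SMTP COMMAND from [2001:db8::1]:40122 after CONNECT: GET / HTTP/1.1",
    "NON-SMTP COMMAND from [64.62.197.214]:13465 after CONNECT: POST / HTTP/1.1",
]


def check(failregex, line):
    """Return ('ban', host), ('miss', None) or ('unusable', reason)."""
    if "<HOST>" not in failregex:
        return ("unusable", "no <HOST> group, so no address to act on")
    try:
        compiled = re.compile(failregex.replace("<HOST>", HOST_GROUP))
    except re.error as exc:
        return ("unusable", f"does not compile: {exc}")
    match = compiled.search(line)
    if match is None:
        return ("miss", None)
    # Exactly one of the three named groups is set on a successful match.
    host = match.group("ip4") or match.group("ip6") or match.group("dns")
    return ("ban", host)


if __name__ == "__main__":
    for name, rx in (("suggested", SUGGESTED), ("word-only", WORD_ONLY),
                     ("no-host", NO_HOST)):
        for line in LINES:
            print(f"{name:10} {check(rx, line)!s:60} {line}")
```

Against the sample line posted in the thread, the `\w+` pattern reports a miss because `\w` cannot cross the space before `[`, while the suggested pattern returns the bracketed address.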