Menu
▾
▴
fail2ban-users
|
From: Maurizio C. <mau...@ca...> - 2024-05-20 10:11:15
|
Hello Please i think the Version 1.1.0 are the newest Version from Fail2ban? Support this now full regex?, i see meny time, that i puzzle on regex101 me syntax and after implement This to live system, this will be always chane. So this question, about Regex compatilities ? Thanks |
|
From: Arturo 'B. B. <bu...@bu...> - 2024-05-20 11:15:46
|
Use pyrex or any python compatible one. Also be mindful of interpreting the filter definitions in filter.d and using fail2ban-regex as testing ground. On Mon, May 20, 2024, 07:21 Maurizio Caloro via Fail2ban-users < fai...@li...> wrote: > Hello > > Please i think the Version 1.1.0 are the newest Version from Fail2ban? > > > > Support this now full regex?, i see meny time, that i puzzle on regex101 > me syntax and after implement > > This to live system, this will be always chane. > > > > So this question, about Regex compatilities ? > > Thanks > _______________________________________________ > Fail2ban-users mailing list > Fai...@li... > https://lists.sourceforge.net/lists/listinfo/fail2ban-users > |
|
From: Maurizio C. <mau...@ca...> - 2024-05-20 11:38:09
|
Thanks for your answer Please, after generate this syntax, no chance to include this to Fail2ban. >From 4389 found 0 hits [Appl PyRex] NON-SMTP COMMAND from.\[+.............\]:......after CONNECT:.GET./.HTTP/1.1 NON-SMTP COMMAND from [64.62.197.214]:13465 after CONNECT: GET / HTTP/1.1 But what are wrong here? thanks Von: Arturo 'Buanzo' Busleiman <bu...@bu...> Gesendet: Montag, 20. Mai 2024 12:47 An: mau...@ca... Cc: Fail 2 Ban <Fai...@li...> Betreff: Re: [Fail2ban-users] Fail2ban V1.1.0 from Github - question Regex Use pyrex or any python compatible one. Also be mindful of interpreting the filter definitions in filter.d and using fail2ban-regex as testing ground. On Mon, May 20, 2024, 07:21 Maurizio Caloro via Fail2ban-users <fai...@li... <mailto:fai...@li...> > wrote: Hello Please i think the Version 1.1.0 are the newest Version from Fail2ban? Support this now full regex?, i see meny time, that i puzzle on regex101 me syntax and after implement This to live system, this will be always chane. So this question, about Regex compatilities ? Thanks _______________________________________________ Fail2ban-users mailing list Fai...@li... <mailto:Fai...@li...> https://lists.sourceforge.net/lists/listinfo/fail2ban-users |
|
From: Nick H. <ni...@ho...> - 2024-05-20 12:10:11
|
Surely you need a <HOST> variable in that for f2b to work. Something like: NON-SMTP COMMAND from.\[<HOST>\]:\d+ after CONNECT:.GET./.HTTP/1.1 Normally you'd also expect some sort of timestamp in the logs. On 20/05/2024 12:37, Maurizio Caloro via Fail2ban-users wrote: > > Thanks for your answer > > Please, after generate this syntax, no chance to include this to Fail2ban. > > From 4389 found 0 hits > > [Appl PyRex] > > NON-SMTP COMMAND from.\[+.............\]:......after > CONNECT:.GET./.HTTP/1.1 > > NON-SMTP COMMAND from [64.62.197.214]:13465 after CONNECT: GET / HTTP/1.1 > > But what are wrong here? > > thanks > > *Von:*Arturo 'Buanzo' Busleiman <bu...@bu...> > *Gesendet:* Montag, 20. Mai 2024 12:47 > *An:* mau...@ca... > *Cc:* Fail 2 Ban <Fai...@li...> > *Betreff:* Re: [Fail2ban-users] Fail2ban V1.1.0 from Github - question > Regex > > Use pyrex or any python compatible one. Also be mindful of > interpreting the filter definitions in filter.d and using > fail2ban-regex as testing ground. > > On Mon, May 20, 2024, 07:21 Maurizio Caloro via Fail2ban-users > <fai...@li...> wrote: > > Hello > > Please i think the Version 1.1.0 are the newest Version from Fail2ban? > > Support this now full regex?, i see meny time, that i puzzle on > regex101 me syntax and after implement > > This to live system, this will be always chane. > > So this question, about Regex compatilities ? > > Thanks > > _______________________________________________ > Fail2ban-users mailing list > Fai...@li... > https://lists.sourceforge.net/lists/listinfo/fail2ban-users > > > > _______________________________________________ > Fail2ban-users mailing list > Fai...@li... > https://lists.sourceforge.net/lists/listinfo/fail2ban-users |
|
From: Maurizio C. <mau...@ca...> - 2024-05-20 12:28:43
|
Yes, thanks, yes thats true * «.\[<HOST>\]:\ » but when i add this for example to pyrex, this didnt match. So its not possible to find any «regexeditor» that match with fail2ban so that i can simulate this? This also is a valid string, this match on « Regex101 python « but not with fail2ban * :\w+:\w+-\w+\w+\w+\w+\[<HOST>\]:\w+?w+?1.1 Sorry i have not yet understood which editor i can use for sim, or is fail2ban a separate unic regex Interpreter? Thanks for update Von: Nick Howitt via Fail2ban-users <fai...@li...> Gesendet: Montag, 20. Mai 2024 13:53 An: fai...@li... Betreff: Re: [Fail2ban-users] Fail2ban V1.1.0 from Github - question Regex Surely you need a <HOST> variable in that for f2b to work. Something like: NON-SMTP COMMAND from.\[<HOST>\]:\d+ after CONNECT:.GET./.HTTP/1.1 Normally you'd also expect some sort of timestamp in the logs. On 20/05/2024 12:37, Maurizio Caloro via Fail2ban-users wrote: Thanks for your answer Please, after generate this syntax, no chance to include this to Fail2ban. >From 4389 found 0 hits [Appl PyRex] NON-SMTP COMMAND from.\[+.............\]:......after CONNECT:.GET./.HTTP/1.1 NON-SMTP COMMAND from [64.62.197.214]:13465 after CONNECT: GET / HTTP/1.1 But what are wrong here? thanks Von: Arturo 'Buanzo' Busleiman <mailto:bu...@bu...> < bu...@bu... > Gesendet: Montag, 20. Mai 2024 12:47 An: mau...@ca... <mailto:mau...@ca...> Cc: Fail 2 Ban <mailto:Fai...@li...> <Fai...@li...> Betreff: Re: [Fail2ban-users] Fail2ban V1.1.0 from Github - question Regex Use pyrex or any python compatible one. Also be mindful of interpreting the filter definitions in filter.d and using fail2ban-regex as testing ground. On Mon, May 20, 2024, 07:21 Maurizio Caloro via Fail2ban-users <fai...@li... <mailto:fai...@li...> > wrote: Hello Please i think the Version 1.1.0 are the newest Version from Fail2ban? Support this now full regex?, i see meny time, that i puzzle on regex101 me syntax and after implement This to live system, this will be always chane. So this question, about Regex compatilities ? Thanks _______________________________________________ Fail2ban-users mailing list Fai...@li... <mailto:Fai...@li...> https://lists.sourceforge.net/lists/listinfo/fail2ban-users _______________________________________________ Fail2ban-users mailing list Fai...@li... <mailto:Fai...@li...> https://lists.sourceforge.net/lists/listinfo/fail2ban-users |
|
From: Arturo 'B. B. <bu...@bu...> - 2024-05-20 12:36:26
|
It would seem that you need to learn more regex before attempting to write fail2ban custom filters. It is in fact a common syntax. You just need to read about the particulars. Please use fail2ban-regex command to test and learn. Bye! On Mon, May 20, 2024, 09:28 Maurizio Caloro <mau...@ca...> wrote: > Yes, thanks, yes thats true > > - «.\[<HOST>\]:\ » > > but when i add this for example to pyrex, this didnt match. > > > > So its not possible to find any «regexeditor» that match with fail2ban so > that i can simulate this? > > This also is a valid string, this match on « Regex101 python « but not > with fail2ban > > - :\w+:\w+-\w+\w+\w+\w+\[<HOST>\]:\w+?w+?1.1 > > > > Sorry i have not yet understood which editor i can use for sim, or is > fail2ban a separate unic regex Interpreter? > > Thanks for update > > > > *Von:* Nick Howitt via Fail2ban-users < > fai...@li...> > *Gesendet:* Montag, 20. Mai 2024 13:53 > *An:* fai...@li... > *Betreff:* Re: [Fail2ban-users] Fail2ban V1.1.0 from Github - question > Regex > > > > Surely you need a <HOST> variable in that for f2b to work. Something like: > > NON-SMTP COMMAND from.\[<HOST>\]:\d+ after CONNECT:.GET./.HTTP/1.1 > > Normally you'd also expect some sort of timestamp in the logs. > > On 20/05/2024 12:37, Maurizio Caloro via Fail2ban-users wrote: > > Thanks for your answer > > > > Please, after generate this syntax, no chance to include this to Fail2ban. > > From 4389 found 0 hits > > > > [Appl PyRex] > > NON-SMTP COMMAND from.\[+.............\]:......after > CONNECT:.GET./.HTTP/1.1 > > NON-SMTP COMMAND from [64.62.197.214]:13465 after CONNECT: GET / HTTP/1.1 > > > > But what are wrong here? > > thanks > > > > *Von:* Arturo 'Buanzo' Busleiman < bu...@bu... > > <bu...@bu...> > *Gesendet:* Montag, 20. Mai 2024 12:47 > *An:* mau...@ca... > *Cc:* Fail 2 Ban <Fai...@li...> > <Fai...@li...> > *Betreff:* Re: [Fail2ban-users] Fail2ban V1.1.0 from Github - question > Regex > > > > Use pyrex or any python compatible one. Also be mindful of interpreting > the filter definitions in filter.d and using fail2ban-regex as testing > ground. > > > > > > > > On Mon, May 20, 2024, 07:21 Maurizio Caloro via Fail2ban-users < > fai...@li...> wrote: > > Hello > > Please i think the Version 1.1.0 are the newest Version from Fail2ban? > > > > Support this now full regex?, i see meny time, that i puzzle on regex101 > me syntax and after implement > > This to live system, this will be always chane. > > > > So this question, about Regex compatilities ? > > Thanks > > _______________________________________________ > Fail2ban-users mailing list > Fai...@li... > https://lists.sourceforge.net/lists/listinfo/fail2ban-users > > > > > _______________________________________________ > > Fail2ban-users mailing list > > Fai...@li... > > https://lists.sourceforge.net/lists/listinfo/fail2ban-users > > > |
|
From: Nick H. <ni...@ho...> - 2024-05-20 12:54:31
|
You also need to give us a bit more help, like examples of the failed log you are trying to match. BTW, why try to match a port with \w+ and not \d+? And why \w+?. On 20/05/2024 13:36, Arturo 'Buanzo' Busleiman wrote: > It would seem that you need to learn more regex before attempting to > write fail2ban custom filters. It is in fact a common syntax. You just > need to read about the particulars. > > Please use fail2ban-regex command to test and learn. > > Bye! > > On Mon, May 20, 2024, 09:28 Maurizio Caloro <mau...@ca...> wrote: > > Yes, thanks, yes thats true > > * «.\[<HOST>\]:\ » > > but when i add this for example to pyrex, this didnt match. > > So its not possible to find any «regexeditor» that match with > fail2ban so that i can simulate this? > > This also is a valid string, this match on « Regex101 python « but > not with fail2ban > > * :\w+:\w+-\w+\w+\w+\w+\[<HOST>\]:\w+?w+?1.1 > > Sorry i have not yet understood which editor i can use for sim, or > is fail2ban a separate unic regex Interpreter? > > Thanks for update > > *Von:*Nick Howitt via Fail2ban-users > <fai...@li...> > *Gesendet:* Montag, 20. Mai 2024 13:53 > *An:* fai...@li... > *Betreff:* Re: [Fail2ban-users] Fail2ban V1.1.0 from Github - > question Regex > > Surely you need a <HOST> variable in that for f2b to work. > Something like: > > NON-SMTP COMMAND from.\[<HOST>\]:\d+ after CONNECT:.GET./.HTTP/1.1 > > Normally you'd also expect some sort of timestamp in the logs. > > On 20/05/2024 12:37, Maurizio Caloro via Fail2ban-users wrote: > > Thanks for your answer > > Please, after generate this syntax, no chance to include this > to Fail2ban. > > From 4389 found 0 hits > > [Appl PyRex] > > NON-SMTP COMMAND from.\[+.............\]:......after > CONNECT:.GET./.HTTP/1.1 > > NON-SMTP COMMAND from [64.62.197.214]:13465 after CONNECT: GET > / HTTP/1.1 > > But what are wrong here? > > thanks > > *Von:*Arturo 'Buanzo' Busleiman <bu...@bu... > > <mailto:bu...@bu...> > *Gesendet:* Montag, 20. Mai 2024 12:47 > *An:* mau...@ca... > *Cc:* Fail 2 Ban <Fai...@li...> > <mailto:Fai...@li...> > *Betreff:* Re: [Fail2ban-users] Fail2ban V1.1.0 from Github - > question Regex > > Use pyrex or any python compatible one. Also be mindful of > interpreting the filter definitions in filter.d and using > fail2ban-regex as testing ground. > > On Mon, May 20, 2024, 07:21 Maurizio Caloro via Fail2ban-users > <fai...@li...> wrote: > > Hello > > Please i think the Version 1.1.0 are the newest Version > from Fail2ban? > > Support this now full regex?, i see meny time, that i > puzzle on regex101 me syntax and after implement > > This to live system, this will be always chane. > > So this question, about Regex compatilities ? > > Thanks > > _______________________________________________ > Fail2ban-users mailing list > Fai...@li... > https://lists.sourceforge.net/lists/listinfo/fail2ban-users > > > > > _______________________________________________ > > Fail2ban-users mailing list > > Fai...@li... > > https://lists.sourceforge.net/lists/listinfo/fail2ban-users > |
Thanks for helping keep SourceForge clean.
X