Menu
▾
▴
Re: [Fail2ban-users] Why does ^%(__prefix_line)s fail?
|
From: Teresa e J. <ter...@gm...> - 2018-05-31 07:25:30
|
Em 31/05/2018 04:21, Teresa e Junior escreveu: > Em 30/05/2018 17:32, Teresa e Junior escreveu: >> The problem, though, is that this log line doesn't match against >> /etc/fail2ban/filter.d/sshd.conf either (Ubuntu 16.04 and 18.04): >> >> $ fail2ban-regex "May 30 21:03:25 vps docker/ftps[1346]: Failed >> password for teresaejunior from 1.2.3.4 port 50714 ssh2" >> /etc/fail2ban/filter.d/sshd.conf > > It doesn't match because docker/ftps[1346] is invalid in the filter. It > expects sshd[1346]. The solution is copying sshd.conf to ftps.local and > setting "_daemon = docker/ftps". If anyone has problems like me with the regexes not matching, you can compare your logs against the upstream test files. For example, for sshd: https://github.com/fail2ban/fail2ban/blob/0.11/fail2ban/tests/files/logs/sshd |
