Menu
▾
▴
Re: [Fail2ban-users] Fail2ban V1.1.0 from Github - question Regex
|
From: Maurizio C. <mau...@ca...> - 2024-05-20 14:40:56
|
<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div dir="ltr"><br></div><div dir="ltr"><br><blockquote type="cite">Am 20.05.2024 um 16:30 schrieb Arturo 'Buanzo' Busleiman <bu...@bu...>:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><div dir="ltr">No, it might not be important, but considering the very focused problem you are trying to solve... specificity is required.<div><br></div></div></div></blockquote><div><br></div>That’s not a problem, that was only a try for a shorter solution „abbreviation“ but without impact.<div><br></div><div>But with python i have the possibilities to sim this, or only with fail2ban-regex.<br><div><br></div><div>I think that i have enough, like this mentoined paper and the folder „filter.d“ as example.</div><div><br></div><div>Thanks</div><div><blockquote type="cite"><div dir="ltr"><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, 20 May 2024 at 11:19, Maurizio Caloro via Fail2ban-users <<a href="mailto:fai...@li...">fai...@li...</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto"><div dir="ltr">Its mostly important that i understod the Syntax, so i found the devlopment documentation from version 0.9. so here it’s a overview of the right syntax.<div><br></div><div>One syntax arn‘t important, the global perspective are the better road.</div><div><br></div><div>Thanks</div><div><br id="m_-3142848838625252518lineBreakAtBeginningOfSignature"><div dir="ltr">Von meinem iPhone gesendet</div><div dir="ltr"><br><blockquote type="cite">Am 20.05.2024 um 14:55 schrieb Nick Howitt via Fail2ban-users <<a href="mailto:fai...@li..." target="_blank">fai...@li...</a>>:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr">
You also need to give us a bit more help, like examples of the
failed log you are trying to match.<br>
<br>
BTW, why try to match a port with \w+ and not \d+? And why \w+?.<br>
<br>
<div>On 20/05/2024 13:36, Arturo 'Buanzo'
Busleiman wrote:<br>
</div>
<blockquote type="cite">
<div dir="auto">It would seem that you need to learn more regex
before attempting to write fail2ban custom filters. It is in
fact a common syntax. You just need to read about the
particulars.
<div dir="auto"><br>
</div>
<div dir="auto">Please use fail2ban-regex command to test and
learn.</div>
<div dir="auto"><br>
</div>
<div dir="auto">Bye!</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Mon, May 20, 2024, 09:28
Maurizio Caloro <<a href="mailto:mau...@ca..." target="_blank">mau...@ca...</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div style="overflow-wrap: break-word;" lang="DE-CH">
<div>
<p class="MsoNormal"><span style="font-size:11pt">Yes,
thanks, yes thats true</span></p>
<ul style="margin-top:0cm" type="disc">
<li style="margin-left:17.4pt"><span style="font-size:11pt">«.\[<HOST>\]:\ »</span></li>
</ul>
<p class="MsoNormal"><span style="font-size:11pt">but
when i add this for example to pyrex, this didnt
match.</span></p>
<p class="MsoNormal"><span style="font-size:11pt"> </span></p>
<p class="MsoNormal"><span style="font-size:11pt">So its
not possible to find any «regexeditor» that match with
fail2ban so that i can simulate this?</span></p>
<p class="MsoNormal"><span style="font-size:11pt" lang="FR-CH">This also is a valid string, this match
on « Regex101 python « but not with fail2ban</span></p>
<ul style="margin-top:0cm" type="disc">
<li style="margin-left:17.4pt"><span style="font-size:11pt">:\w+:\w+-\w+\w+\w+\w+\[<HOST>\]:\w+?w+?1.1</span></li>
</ul>
<p class="MsoNormal"><span style="font-size:11pt"> </span></p>
<p class="MsoNormal"><span style="font-size:11pt">Sorry
i have not yet understood which editor i can use for
sim, or is fail2ban a separate unic regex Interpreter?</span></p>
<p class="MsoNormal"><span style="font-size:11pt">Thanks
for update</span></p>
<p class="MsoNormal"><span style="font-size:11pt"> </span></p>
<div>
<div style="border-right:none;border-bottom:none;border-left:none;border-top:1pt solid rgb(225,225,225);padding:3pt 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:11pt;font-family:Calibri,sans-serif" lang="DE">Von:</span></b><span style="font-size:11pt;font-family:Calibri,sans-serif" lang="DE"> Nick Howitt via Fail2ban-users <<a href="mailto:fai...@li..." rel="noreferrer" target="_blank">fai...@li...</a>>
<br>
<b>Gesendet:</b> Montag, 20. Mai 2024 13:53<br>
<b>An:</b> <a href="mailto:fai...@li..." rel="noreferrer" target="_blank">fai...@li...</a><br>
<b>Betreff:</b> Re: [Fail2ban-users] Fail2ban
V1.1.0 from Github - question Regex</span></p>
</div>
</div>
<p class="MsoNormal"> </p>
<p class="MsoNormal" style="margin-bottom:12pt">Surely
you need a <HOST> variable in that for f2b to
work. Something like:<br>
<br>
<span lang="FR-CH">NON-SMTP COMMAND
from.\[<HOST>\]:\d+ after
CONNECT:.GET./.HTTP/1.1</span><br>
<br>
Normally you'd also expect some sort of timestamp in the
logs.</p>
<div>
<p class="MsoNormal">On 20/05/2024 12:37, Maurizio
Caloro via Fail2ban-users wrote:</p>
</div>
<blockquote style="margin-top:5pt;margin-bottom:5pt">
<p class="MsoNormal"><span style="font-size:11pt">Thanks
for your answer</span></p>
<p class="MsoNormal"><span style="font-size:11pt"> </span></p>
<p class="MsoNormal"><span style="font-size:11pt">Please,
after generate this syntax, no chance to include
this to Fail2ban.</span></p>
<p class="MsoNormal"><span style="font-size:11pt">From
4389 found 0 hits</span></p>
<p class="MsoNormal"><span style="font-size:11pt"> </span></p>
<p class="MsoNormal"><span style="font-size:11pt" lang="FR-CH">[Appl PyRex]</span></p>
<p class="MsoNormal"><span lang="FR-CH">NON-SMTP COMMAND
from.\[+.............\]:......after
CONNECT:.GET./.HTTP/1.1</span></p>
<p class="MsoNormal"><span style="color:black;background:rgb(198,227,255)" lang="FR-CH">NON-SMTP
COMMAND from [64.62.197.214]:13465 after CONNECT:
GET / HTTP/1.1</span></p>
<p class="MsoNormal"><span style="color:black;background:rgb(198,227,255)" lang="FR-CH"> </span></p>
<p class="MsoNormal"><span style="font-size:11pt">But
what are wrong here?</span></p>
<p class="MsoNormal"><span style="font-size:11pt">thanks</span></p>
<p class="MsoNormal"><span style="font-size:11pt"> </span></p>
<div style="border-right:none;border-bottom:none;border-left:none;border-top:1pt solid rgb(225,225,225);padding:3pt 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:11pt;font-family:Calibri,sans-serif" lang="DE">Von:</span></b><span style="font-size:11pt;font-family:Calibri,sans-serif" lang="DE"> Arturo 'Buanzo' Busleiman <a href="mailto:bu...@bu..." rel="noreferrer" target="_blank"><<span style="font-size:12pt;font-family:Aptos,sans-serif;color:windowtext;text-decoration:none">
</span><span style="color:windowtext">bu...@bu...</span>
></a> <br>
<b>Gesendet:</b> Montag, 20. Mai 2024 12:47<br>
<b>An:</b> <a href="mailto:mau...@ca..." rel="noreferrer" target="_blank">mau...@ca...</a><br>
<b>Cc:</b> Fail 2 Ban <a href="mailto:Fai...@li..." rel="noreferrer" target="_blank"><Fai...@li...></a><br>
<b>Betreff:</b> Re: [Fail2ban-users] Fail2ban
V1.1.0 from Github - question Regex</span></p>
</div>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal">Use pyrex or any python
compatible one. Also be mindful of interpreting the
filter definitions in filter.d and using
fail2ban-regex as testing ground.</p>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
</div>
<p class="MsoNormal"> </p>
<div>
<div>
<p class="MsoNormal">On Mon, May 20, 2024, 07:21
Maurizio Caloro via Fail2ban-users <<a href="mailto:fai...@li..." rel="noreferrer" target="_blank">fai...@li...</a>>
wrote:</p>
</div>
<blockquote style="border-top:none;border-right:none;border-bottom:none;border-left:1pt solid rgb(204,204,204);padding:0cm 0cm 0cm 6pt;margin:5pt 0cm 5pt 4.8pt">
<div>
<div>
<p class="MsoNormal"><span lang="DE">Hello</span></p>
<p class="MsoNormal">Please i think the Version
1.1.0 are the newest Version from Fail2ban?</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"><span lang="FR-CH">Support
this now full regex?, i see meny time, that
i puzzle on regex101 me syntax and after
implement</span></p>
<p class="MsoNormal">This to live system, this
will be always chane.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"><span lang="FR-CH">So this
question, about Regex compatilities ?</span></p>
<p class="MsoNormal"><span lang="FR-CH">Thanks</span></p>
</div>
</div>
<p class="MsoNormal">_______________________________________________<br>
Fail2ban-users mailing list<br>
<a href="mailto:Fai...@li..." rel="noreferrer" target="_blank">Fai...@li...</a><br>
<a href="https://lists.sourceforge.net/lists/listinfo/fail2ban-users" rel="noreferrer" target="_blank">https://lists.sourceforge.net/lists/listinfo/fail2ban-users</a></p>
</blockquote>
</div>
<p class="MsoNormal"><br>
<br>
<br>
</p>
<pre>_______________________________________________</pre>
<pre>Fail2ban-users mailing list</pre>
<pre><a href="mailto:Fai...@li..." rel="noreferrer" target="_blank">Fai...@li...</a></pre>
<pre><a href="https://lists.sourceforge.net/lists/listinfo/fail2ban-users" rel="noreferrer" target="_blank">https://lists.sourceforge.net/lists/listinfo/fail2ban-users</a></pre>
</blockquote>
<p class="MsoNormal"> </p>
</div>
</div>
</blockquote>
</div>
</blockquote>
<br>
<u></u><u></u>
<span>_______________________________________________</span><br><span>Fail2ban-users mailing list</span><br><span><a href="mailto:Fai...@li..." target="_blank">Fai...@li...</a></span><br><span><a href="https://lists.sourceforge.net/lists/listinfo/fail2ban-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/fail2ban-users</a></span><br></div></blockquote></div></div></div>_______________________________________________<br>
Fail2ban-users mailing list<br>
<a href="mailto:Fai...@li..." target="_blank">Fai...@li...</a><br>
<a href="https://lists.sourceforge.net/lists/listinfo/fail2ban-users" rel="noreferrer" target="_blank">https://lists.sourceforge.net/lists/listinfo/fail2ban-users</a><br>
</blockquote></div>
</div></blockquote></div></div></body></html> |