[arch-general] Archlinux fail2ban not working
Maykel Franco
maykeldebian at gmail.com
Fri Nov 1 09:51:13 UTC 2019
Hi, I have this rule:
jail.conf:
[app-user]
enabled = true
port = 443
filter = user-app
logpath = /var/log/user-app.log
findtime = 1200
bantime = 480
maxretry = 3
-------------------------------
filter.d:
user-app.conf
[Definition]
failregex = Unknown User .* \(<HOST>:.*\)
ignoreregex =
-------------------------------
The content of the test logfile /var/log/user-app.log:
[12:48:35.315] Server1: Unknown User 'test' (109.103.148.2)
[12:48:35.315] Server1: Unknown User 'test' (109.103.148.2)
[12:48:35.315] Server1: Unknown User 'test' (109.103.148.2)
[12:48:35.315] Server1: Unknown User 'test' (109.103.148.2)
[12:48:35.315] Server1: Unknown User 'test' (109.103.148.2)
[12:48:35.315] Server1: Unknown User 'test' (109.103.148.2)
-------------------------------
And when I test it, it is not working:
fail2ban-regex /var/log/user-app.log /etc/fail2ban/filter.d/user-app.conf
Running tests
=============
Use failregex filter file : user-app, basedir: /etc/fail2ban
Use log file : user-app.conf
Use encoding : UTF-8
Results
=======
Failregex: 0 total
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [6] {^LN-BEG}24hour:Minute:Second
`-
Lines: 6 lines, 0 ignored, 0 matched, 6 missed
[processed in 0.02 sec]
|- Missed line(s):
| [12:48:35.315] Server1: Unknown User 'test' (109.103.148.2)
| [12:48:35.315] Server1: Unknown User 'test' (109.103.148.2)
| [12:48:35.315] Server1: Unknown User 'test' (109.103.148.2)
| [12:48:35.315] Server1: Unknown User 'test' (109.103.148.2)
| [12:48:35.315] Server1: Unknown User 'test' (109.103.148.2)
| [12:48:35.315] Server1: Unknown User 'test' (109.103.148.2)
What's wrong? Maybe the timestamp on the left?
Thanks in advance.
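
Added example, not part of the original message: a Python emulation that applies the posted failregex to the posted log line and reports the part of the pattern that cannot match. The <HOST> stand-in (IPv4 only), the function names, the port-optional variant of the pattern and the log line with a port are assumptions constructed for illustration.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only;
# the real tag also accepts IPv6 addresses and hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# First line is copied from the log excerpt in the post; the second is a
# constructed variant that carries a source port after the address.
LOG_LINE = "[12:48:35.315] Server1: Unknown User 'test' (109.103.148.2)"
LOG_LINE_WITH_PORT = "[12:48:35.315] Server1: Unknown User 'test' (109.103.148.2:51515)"

POSTED = r"Unknown User .* \(<HOST>:.*\)"          # failregex from the post
PORT_OPTIONAL = r"Unknown User .* \(<HOST>(?::\d+)?\)"  # suggested variant


def expand(failregex):
    """Substitute the <HOST> tag the way a filter is expanded before use."""
    return failregex.replace("<HOST>", HOST)


def banned_host(failregex, line):
    """Return the address the filter would extract, or None on a miss."""
    m = re.search(expand(failregex), line)
    return m.group("host") if m else None


def unmatched_tail(failregex, line):
    """Return the trailing part of the pattern that stops it from matching.

    Tries ever shorter prefixes of the expanded pattern; the first prefix
    that compiles and matches marks where the pattern and the line diverge.
    An empty string means the whole pattern matched.
    """
    pattern = expand(failregex)
    for i in range(len(pattern), -1, -1):
        try:
            if re.search(pattern[:i], line):
                return pattern[i:]
        except re.error:
            continue  # prefix cut through a group or escape, skip it
    return pattern


if __name__ == "__main__":
    for name, rx in (("posted", POSTED), ("port-optional", PORT_OPTIONAL)):
        print(name, "->", banned_host(rx, LOG_LINE),
              "| unmatched tail:", repr(unmatched_tail(rx, LOG_LINE)))
```

The posted pattern requires a ":" directly after the address, which the logged "(109.103.148.2)" does not contain, so every line is missed; the leading timestamp plays no part in the miss.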