[arch-general] Archlinux fail2ban not working
Ralph Corderoy
ralph at inputplus.co.uk
Sat Nov 9 15:42:47 UTC 2019
Hi Maykel,
> > > > failregex = ^\S+: Unknown User .* \(<HOST>\)$
> > >
> > > Thanks for your help but not working...
> > > https://imgur.com/a/w0F2JSC
> >
> > That image shows
> >
> > Unknown User .* \(<HOST>:.*\)
> >
> > but that's not what I suggested, e.g. you have a colon after the <HOST>
> > and as there is no colon in ‘(109.103.148.2)’ then the regexp is not
> > going to match.
>
> what you suggested didn't work either
>
> https://imgur.com/a/sNN5dL0
You still aren't trying what I suggested. The regexp I'm suggesting is
for fail2ban. It can't be put into regex101.com unaltered. Nor can the
test input be the line to match against because fail2ban alters it
before applying the regular expression.
I suggest you test and develop the regexp you want using fail2ban,
e.g. fail2ban-regex.
--
Cheers, Ralph.
More information about the arch-general
mailing list