[arch-general] Archlinux fail2ban not working

Ralph Corderoy ralph at inputplus.co.uk
Sat Nov 9 15:42:47 UTC 2019


Hi Maykel,

> > > >     failregex = ^\S+: Unknown User .* \(<HOST>\)$
> > >
> > > Thanks for your help but not working...
> > > https://imgur.com/a/w0F2JSC
> >
> > That image shows
> >
> >     Unknown User .* \(<HOST>:.*\)
> >
> > but that's not what I suggested, e.g. you have a colon after the <HOST>
> > and as there is no colon in ‘(109.103.148.2)’ then the regexp is not
> > going to match.
>
> what you suggested didn't work either
>
> https://imgur.com/a/sNN5dL0

You still aren't trying what I suggested.  The regexp I'm suggesting is
for fail2ban.  It can't be put into regex101.com unaltered.  Nor can the
test input be the line to match against because fail2ban alters it
before applying the regular expression.

I suggest you test and develop the regexp you want using fail2ban,
e.g. fail2ban-regex.

-- 
Cheers, Ralph.


More information about the arch-general mailing list