Fail2Ban regex does not match -

-

i'm using fail2ban. reason fail2ban refuse compile regex. here logs need match:

root@server1:/etc/fail2ban/filter.d# tail /var/log/apache2/error.log [sun apr 20 10:40:05 2014] [error] [client 75.144.181.151] user root: authentication failure "/phpmyadmin/": password mismatch [sun apr 20 10:40:16 2014] [error] [client 75.144.181.151] user root: authentication failure "/phpmyadmin/": password mismatch [sun apr 20 10:40:38 2014] [error] [client 75.144.181.151] user haker not found: /phpmyadmin/ [sun apr 20 10:40:44 2014] [error] [client 75.144.181.151] user pentest not found: /phpmyadmin/

and here fail2ban filter.d file:

root@server1:/etc/fail2ban/filter.d# cat /etc/fail2ban/filter.d/phpmyadmin.conf [definition] failregex = [client <host>;] user .*; not found: \/phpmyadmin\/|[client <host>;] user root: authentication failure "\/phpmyadmin\/": ignoreregex =

here regex line file above:

[client <host>;] user .*; not found: \/phpmyadmin\/|[client <host>;] user root: authentication failure "\/phpmyadmin\/":

unfortunately fail2ban log file giving me error regex: unable compile regular expression..

root@server1:/etc/fail2ban# tail /var/log/fail2ban.log 2014-04-20 10:47:06,788 fail2ban.filter : info   added logfile = /var/log/apache2/error.log 2014-04-20 10:47:06,789 fail2ban.filter : info   set maxretry = 3 2014-04-20 10:47:06,789 fail2ban.filter : info   set findtime = 600 2014-04-20 10:47:06,790 fail2ban.actions: info   set bantime = 600 2014-04-20 10:47:06,790 fail2ban.filter : error  unable compile regular expression '[client (?:::f{4,6}:)?(?p<host>[\w\-.^_]+);] user .*; not found: \/phpmyadmin\/|[client (?:::f{4,6}:)?(?p<host>[\w\-.^_]+);] user root: authentication failure "\/phpmyadmin\/":' 2014-04-20 10:47:06,794 fail2ban.jail   : info   jail 'ssh' started 2014-04-20 10:47:06,799 fail2ban.jail   : info   jail 'pureftpd' started 2014-04-20 10:47:06,805 fail2ban.jail   : info   jail 'phpmyadmin' started

my regex http://regex101.com/r/ku7tx3. wrong this? appreciated. thank you.

i have asked question in comment cannot add comment:

so trying best understand requirement , giving answer.

requirement: think looking filter lines containing "authentication failure "/phpmyadmin/""

you can changing regular expression following:

failregex = .*authentication failure "\/phpmyadmin\/"

you may have escape "

please add comments if wasn't correct understanding.....


Comments

Post a Comment

Popular posts from this blog

c++ - How to add Crypto++ library to Qt project -

-
Image
i downloaded crypto++ source , compiled cryptlib project in visual studio 2013, , added generated .lib file qt project, made .pro file this: qt += core gui qt += sql greaterthan(qt_major_version, 4):qt += widgets target = untitled template = app sources += main.cpp\ mainwindow.cpp headers += mainwindow.h \ databasecontrol.h \ test.h forms += mainwindow.ui win32:config(release, debug|release): libs += -l$$pwd/ -lcryptlib else:win32:config(debug, debug|release): libs += -l$$pwd/ -lcryptlibd else:unix: libs += -l$$pwd/ -lcryptlib includepath += $$pwd/ dependpath += $$pwd/ win32-g++:config(release, debug|release): pre_targetdeps += $$pwd/libcryptlib.a else:win32-g++:config(debug, debug|release): pre_targetdeps += $$pwd/libcryptlibd.a else:win32:!win32-g++:config(release, debug|release): pre_targetdeps += $$pwd/cryptlib.lib else:win32:!win32-g++:config(debug, debug|release): pre_targetdeps += $$pwd/cryptlibd.lib else:unix: pre_targetdeps += $$pw
Read more

jQuery Mobile app not scrolling in Firefox -

-
i have mobile app built in jquery mobile. scrolling fine in chrome & safari, fails scroll in firefox on desktop. have other instances of same app, different features, , works across browsers. life of me, cannot figure this, please help! located here: http://re-brand.us/dsus/index.html seems bug in firefox: bug log . able scroll using keyboard not trackpad on mac. are using mac? i'll keep looking see if can find way around it.
Read more

How to use vim as editor in Matlab GUI -

-
i using matlab r2013b. using gui, command windows , editor in split screen. in matlab preferences > editor/debugger > editor. there option set custom editor instead of matlab editor. set local editor /usr/bin/vim , not able open files @ anymore. there possibility use vim editor in split screen mode? i aware of !vim file.m , not solution looking for, works satisfactory in -nodisplay mode. rather want keep split screen mode. i did not find solution 100% satisfying, using tmux intermediate solution. allows 2 use split screen 2 terminals. in 1 of can open matlab -nodesktop in terminal mode, , in other 1 vim . possible switch between both split screens. you can use functionality of gui matlab typing things commandhistory , who et cetera.
Read more