A tu servicio amigo. Enjoy fail2ban. You will succeed in learning it and stopping evil;)
On Mon, May 20, 2024, 12:00 Maurizio Caloro <mauri...@caloro.ch> wrote: > > > Am 20.05.2024 um 16:42 schrieb Arturo 'Buanzo' Busleiman < > bua...@buanzo.com.ar>: > > > fail2ban-regex is what you need to use... trust me on this, I have a bit > of experience with fail2ban. > > > Thats not a problem, i trust you! > > Gracias por esta buena conversacion! > Saludos > M > > XD > > > > On Mon, May 20, 2024, 11:41 Maurizio Caloro <mauri...@caloro.ch> wrote: > >> >> >> Am 20.05.2024 um 16:30 schrieb Arturo 'Buanzo' Busleiman < >> bua...@buanzo.com.ar>: >> >> >> No, it might not be important, but considering the very focused problem >> you are trying to solve... specificity is required. >> >> >> That’s not a problem, that was only a try for a shorter solution >> „abbreviation“ but without impact. >> >> But with python i have the possibilities to sim this, or only with >> fail2ban-regex. >> >> I think that i have enough, like this mentoined paper and the folder >> „filter.d“ as example. >> >> Thanks >> >> >> On Mon, 20 May 2024 at 11:19, Maurizio Caloro via Fail2ban-users < >> fail2ban-users@lists.sourceforge.net> wrote: >> >>> Its mostly important that i understod the Syntax, so i found the >>> devlopment documentation from version 0.9. so here it’s a overview of the >>> right syntax. >>> >>> One syntax arn‘t important, the global perspective are the better road. >>> >>> Thanks >>> >>> Von meinem iPhone gesendet >>> >>> Am 20.05.2024 um 14:55 schrieb Nick Howitt via Fail2ban-users < >>> fail2ban-users@lists.sourceforge.net>: >>> >>> You also need to give us a bit more help, like examples of the failed >>> log you are trying to match. >>> >>> BTW, why try to match a port with \w+ and not \d+? And why \w+?. >>> >>> On 20/05/2024 13:36, Arturo 'Buanzo' Busleiman wrote: >>> >>> It would seem that you need to learn more regex before attempting to >>> write fail2ban custom filters. It is in fact a common syntax. You just need >>> to read about the particulars. >>> >>> Please use fail2ban-regex command to test and learn. >>> >>> Bye! >>> >>> On Mon, May 20, 2024, 09:28 Maurizio Caloro <mauri...@caloro.ch> wrote: >>> >>>> Yes, thanks, yes thats true >>>> >>>> - «.\[<HOST>\]:\ » >>>> >>>> but when i add this for example to pyrex, this didnt match. >>>> >>>> >>>> >>>> So its not possible to find any «regexeditor» that match with fail2ban >>>> so that i can simulate this? >>>> >>>> This also is a valid string, this match on « Regex101 python « but not >>>> with fail2ban >>>> >>>> - :\w+:\w+-\w+\w+\w+\w+\[<HOST>\]:\w+?w+?1.1 >>>> >>>> >>>> >>>> Sorry i have not yet understood which editor i can use for sim, or is >>>> fail2ban a separate unic regex Interpreter? >>>> >>>> Thanks for update >>>> >>>> >>>> >>>> *Von:* Nick Howitt via Fail2ban-users < >>>> fail2ban-users@lists.sourceforge.net> >>>> *Gesendet:* Montag, 20. Mai 2024 13:53 >>>> *An:* fail2ban-users@lists.sourceforge.net >>>> *Betreff:* Re: [Fail2ban-users] Fail2ban V1.1.0 from Github - question >>>> Regex >>>> >>>> >>>> >>>> Surely you need a <HOST> variable in that for f2b to work. Something >>>> like: >>>> >>>> NON-SMTP COMMAND from.\[<HOST>\]:\d+ after CONNECT:.GET./.HTTP/1.1 >>>> >>>> Normally you'd also expect some sort of timestamp in the logs. >>>> >>>> On 20/05/2024 12:37, Maurizio Caloro via Fail2ban-users wrote: >>>> >>>> Thanks for your answer >>>> >>>> >>>> >>>> Please, after generate this syntax, no chance to include this to >>>> Fail2ban. >>>> >>>> From 4389 found 0 hits >>>> >>>> >>>> >>>> [Appl PyRex] >>>> >>>> NON-SMTP COMMAND from.\[+.............\]:......after >>>> CONNECT:.GET./.HTTP/1.1 >>>> >>>> NON-SMTP COMMAND from [64.62.197.214]:13465 after CONNECT: GET / >>>> HTTP/1.1 >>>> >>>> >>>> >>>> But what are wrong here? >>>> >>>> thanks >>>> >>>> >>>> >>>> *Von:* Arturo 'Buanzo' Busleiman < bua...@buanzo.com.ar > >>>> <bua...@buanzo.com.ar> >>>> *Gesendet:* Montag, 20. Mai 2024 12:47 >>>> *An:* mauri...@caloro.ch >>>> *Cc:* Fail 2 Ban <Fail2ban-users@lists.sourceforge.net> >>>> <Fail2ban-users@lists.sourceforge.net> >>>> *Betreff:* Re: [Fail2ban-users] Fail2ban V1.1.0 from Github - question >>>> Regex >>>> >>>> >>>> >>>> Use pyrex or any python compatible one. Also be mindful of interpreting >>>> the filter definitions in filter.d and using fail2ban-regex as testing >>>> ground. >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> On Mon, May 20, 2024, 07:21 Maurizio Caloro via Fail2ban-users < >>>> fail2ban-users@lists.sourceforge.net> wrote: >>>> >>>> Hello >>>> >>>> Please i think the Version 1.1.0 are the newest Version from Fail2ban? >>>> >>>> >>>> >>>> Support this now full regex?, i see meny time, that i puzzle on >>>> regex101 me syntax and after implement >>>> >>>> This to live system, this will be always chane. >>>> >>>> >>>> >>>> So this question, about Regex compatilities ? >>>> >>>> Thanks >>>> >>>> _______________________________________________ >>>> Fail2ban-users mailing list >>>> Fail2ban-users@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> >>>> Fail2ban-users mailing list >>>> >>>> Fail2ban-users@lists.sourceforge.net >>>> >>>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users >>>> >>>> >>>> >>> >>> _______________________________________________ >>> Fail2ban-users mailing list >>> Fail2ban-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users >>> >>> _______________________________________________ >>> Fail2ban-users mailing list >>> Fail2ban-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users >>> >>
_______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
