Hi Maykel,
> > How about
> >
> > failregex = ^\S+: Unknown User .* \(\)$
>
> Thanks for your help but not working...
> https://imgur.com/a/w0F2JSC
That image shows
Unknown User .* \(:.*\)
but that's not what I suggested, e.g. you have a colon after the
and as there is no colon in ‘(109
El sáb., 2 nov. 2019 a las 0:13, Maykel Franco
() escribió:
>
> El vie., 1 nov. 2019 a las 19:20, Ralph Corderoy
> () escribió:
> >
> > Hi Maykel,
> >
> > I don't use fail2ban, but I've just skimmed
> > https://fail2ban.readthedocs.io/en/latest/filters.html#developing-filter-regular-expressions
> >
El vie., 1 nov. 2019 a las 19:20, Ralph Corderoy
() escribió:
>
> Hi Maykel,
>
> I don't use fail2ban, but I've just skimmed
> https://fail2ban.readthedocs.io/en/latest/filters.html#developing-filter-regular-expressions
> You may find the ‘debuggex’ reference useful.
>
> > failregex = Unknown User
On 10/31/19 3:46 PM, Giancarlo Razzolini wrote:
> Hi Eli,
>
> This is totally uncalled for. Even though I agree that kernel-install is
> *not*
> that great, there's no need to be aggressive.
>
> The question, even if phrased not in the best way, is a legitimate one.
Didn't seem like much of a qu
On 10/31/19 6:19 PM, Geo Kozey via arch-general wrote:
> Thx, my concern was more about maintenance burden for Arch devs vs relying on
> dracut + kernel-install combo and call it a day.
> If devs prefer to work on exclusive service for Arch users then let it be.
Dracut does not work out of the bo
Hi Maykel,
I don't use fail2ban, but I've just skimmed
https://fail2ban.readthedocs.io/en/latest/filters.html#developing-filter-regular-expressions
You may find the ‘debuggex’ reference useful.
> failregex = Unknown User .* \(:.*\)
...
> [12:48:35.315] Server1: Unknown User 'test' (109.103.148.2)
El vie., 1 nov. 2019 17:32, Justin Capella via arch-general <
arch-general@archlinux.org> escribió:
> Your regex doesn't look like it would match. If is substituted for
> your hostname that part of the regex would need to be before the unknown
> user part
>
> On Fri, Nov 1, 2019, 2:51 AM Maykel F
Your regex doesn't look like it would match. If is substituted for
your hostname that part of the regex would need to be before the unknown
user part
On Fri, Nov 1, 2019, 2:51 AM Maykel Franco via arch-general <
arch-general@archlinux.org> wrote:
> Hi, I have this rule:
>
> jail.conf:
>
> [app-u
Hi, I have this rule:
jail.conf:
[app-user]
enabled = true
port = 443
filter = user-app
logpath = /var/log/user-app.log
findtime = 1200
bantime = 480
maxretry = 3
---
filter.d:
user-app.conf
[Definition]
failregex = Unknown User .* \(:.*\)
ignoreregex =
---
9 matches
Mail list logo
