Hi Ivan, please provide more information or I would close the report in a week or so.
Best regards, On Wed, 23 Mar 2011, Yaroslav Halchenko wrote: > severity 605661 normal > tags 605661 = moreinfo unreproducible > thanks > Hi Ivan, > Could you elaborate on how the removal of "-" from the falregex > expression addresses anything? or am I missing some other change? > please provide example of log lines which are not caught by old > expression but caught by your "fixed" one > On Thu, 02 Dec 2010, Ivan Agliardi wrote: > > To fix this problem you just need to edit /etc/fail2ban/filter.d and change > > it as follows: > > failregex = \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ > > \[\S+\] to \S+:\S+$ > > \(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): Incorrect > > password\.$ > > \(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: \S+ login > > attempted\.$ > > \(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded$ > > becomes: > > failregex = \(\S+\[<HOST>\]\)[: ]+ USER \S+: no such user found from \S+ > > \[\S+\] to \S+:\S+$ > > \(\S+\[<HOST>\]\)[: ]+ USER \S+ \(Login failed\): Incorrect > > password\.$ > > \(\S+\[<HOST>\]\)[: ]+ SECURITY VIOLATION: \S+ login > > attempted\.$ > > \(\S+\[<HOST>\]\)[: ]+ Maximum login attempts \(\d+\) exceeded$ -- Yaroslav O. Halchenko Postdoctoral Fellow, Department of Psychological and Brain Sciences Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755 Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419 WWW: http://www.linkedin.com/in/yarik -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
