Hey folks, I have made a filter that blocks machines from accessing samba shares when creating files with certain extensions. The filter looks like this
[Definition] failregex = (?i)smbd.*IP=<HOST>.*\.locky$ So it should trigger when a file ending with .LOCKY or .locky is saved in this case. However I turned on debug loglevel and saw that it is triggered when I save file.LOCKY but only puts the machine in jail when I save file.locky. Even though it gets the event and finds the IP, it only puts the machine in jail when its all lowercase. When I remove the case insensitive flag "(?i)" the filter does not trigger for .LOCKY so it definitely filters case insensitive but the jail is still applied case sensitive. Does anybody know what I am missing here? Thanks in advance! Excuse me if I was unclear, feel free to ask further questions. Kind regards
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Mobile security can be enabling, not merely restricting. Employees who bring their own devices (BYOD) to work are irked by the imposition of MDM restrictions. Mobile Device Manager Plus allows you to control only the apps on BYO-devices by containerizing them, leaving personal data untouched! https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
