Hi, Full disclosure. I’m new to F2B. :)
I managed to set up 0.10.2 (just upgraded to 0.11) and get it working on macOS High Sierra. My primary match action is to block connections using the adaptive firewall (pf). I’m interested in filter action jails which target attempted abuse of apache/php7, proftpd, sshd, and webmin.

My main problem is that some of the log filters don’t seem to work (on macOS). For example, the sshd and webmin-auth log filters don’t match anything. Here’s an example of the only log entry which occurs when I try to log in to Webmin with false credentials (logging of logins/logouts is enabled in webmin conf):

XXX.XXX.XXX.XXX - - [04/Feb/2018:23:01:52 +0200] "POST /session_login.cgi HTTP/1.1" 401 2333

So, it looks a bit different from the webmin-auth default regexps. Essentially just an HTTP status code 401.

Can someone help me construct a properly formatted regexp for it?

Are there any generic instructions available on how to construct log filter regexps? How about instructions as to what each of the default log filters attempts to filter (or should it be obvious)?

--
Palvelin.fi Hostmaster
postmas...@palvelin.fi

_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
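A candidate failregex for the log line quoted in the post, checked offline in Python. This is an added example, not part of the original message and not fail2ban's own code; the `HOST` expansion is a simplified stand-in for fail2ban's `<HOST>` tag, the filter file name in the comment is hypothetical, and the sample lines are constructed.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 or a
# hostname only; fail2ban's real expansion is broader).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[\w.-]+)"

# Candidate pattern in fail2ban syntax. In a filter file (hypothetical name
# filter.d/webmin-http401.local) it would sit under:
#   [Definition]
#   failregex = <the string below>
# The bracketed date field is matched loosely (any content, even empty),
# so the pattern does not depend on how the timestamp is handled.
FAILREGEX = (r'^<HOST> \S+ \S+ \[[^\]]*\] '
             r'"POST /session_login\.cgi HTTP/\d\.\d" 401 \d+\s*$')

# Constructed sample lines in the format shown in the post
# (documentation-range addresses).
SAMPLE = [
    '192.0.2.10 - - [04/Feb/2018:23:01:52 +0200] "POST /session_login.cgi HTTP/1.1" 401 2333',
    '192.0.2.10 - - [04/Feb/2018:23:01:55 +0200] "POST /session_login.cgi HTTP/1.1" 401 2333',
    '198.51.100.7 - - [04/Feb/2018:23:02:01 +0200] "GET /index.cgi HTTP/1.1" 200 5120',
    '198.51.100.7 - - [04/Feb/2018:23:02:03 +0200] "POST /session_login.cgi HTTP/1.1" 401 2333',
    '192.0.2.10 - - [04/Feb/2018:23:02:10 +0200] "POST /session_login.cgi HTTP/1.1" 401 2333',
    # A 401 on another URL must not count as a failed Webmin login.
    '192.0.2.99 - - [04/Feb/2018:23:02:11 +0200] "GET /private/ HTTP/1.1" 401 512',
]


def compile_failregex(failregex=FAILREGEX):
    """Expand the <HOST> tag and compile the pattern."""
    return re.compile(failregex.replace("<HOST>", HOST))


def failed_hosts(lines, failregex=FAILREGEX):
    """Return the host of every line the failregex matches, in order."""
    rx = compile_failregex(failregex)
    return [m.group("host") for m in map(rx.match, lines) if m]


def over_threshold(lines, maxretry=3):
    """Hosts with at least maxretry matching lines (what a jail would ban)."""
    counts = Counter(failed_hosts(lines))
    return sorted(h for h, c in counts.items() if c >= maxretry)


if __name__ == "__main__":
    print(failed_hosts(SAMPLE))
    print(over_threshold(SAMPLE))
```

On a live system the same pattern can be checked against the real Webmin log with the `fail2ban-regex` tool before enabling a jail.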