Lines: 742 lines, 0 ignored, 73 matched, 669 missed
73 lines matched. It *is* working. Don't forget to reload or restart fail2ban.
Bill
On 2/17/2020 3:18 PM, Henrique Fagundes wrote:
Hello,
Unfortunately it didn't work.
This is the output of my test command:
[root@www /etc/fail2ban]# fail2ban-regex /var/log/messages
/etc/fail2ban/filter.d/drupal-auth.conf
Running tests
=============
Use failregex filter file : drupal-auth, basedir: /etc/fail2ban
Use log file : /var/log/messages
Use encoding : UTF-8
Results
=======
Failregex: 73 total
|- #) [# of hits] regular expression
| 1) [73] drupal([^|]*){3}\[<HOST>\].*Login attempt failed.*$
`-
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [742] {^LN-BEG}(?:DAY )?MON Day %k:Minute:Second(?:\.Microseconds)?(?:
ExYear)?
`-
Lines: 742 lines, 0 ignored, 73 matched, 669 missed
[processed in 0.18 sec]
Missed line(s): too many to print. Use --print-all-missed to print all 669
lines
---- Ativado Seg, 17 fev 2020 16:35:54 -0300 Bill Shirley
<[email protected]> escreveu ----
> Your failregex isn't even close to matching the log lines in
/var/log/messages:
>
> failregex = Submitting address \[<HOST>\] to the firewallFeb 17 14:18:42
www drupal[3979]:
https://www.clubenaval.org.br/novo|1581949122|user|177.124.244.10|https://www.clubenaval.org.br/novo/?q=frontpage&destination=frontpage|https://www.clubenaval.org.br/novo/index.php|0||Login
attempt failed for chmviola. Try this for your filter:
> [Definition]
> #failregex = drupal.*|user|\[<HOST>\]|.*Login attempt
failed.*$
> #failregex = drupal.*\[<HOST>\]
> failregex = drupal([^|]*){3}\[<HOST>\].*Login attempt
failed.*$
> #failregex = drupal.*\|user\|\[<HOST>\].*Login attempt
failed.*$
>
> ignoreregex =
> The uncommented failregex works.
>
> My test files are in /root/tmp
> Running command: fail2ban-regex /root/tmp/drupal.messages
/root/tmp/drupal.filter.conf
>
> Running tests
> =============
>
> Use failregex file : /root/tmp/drupal.filter.conf
> Use log file : /root/tmp/drupal.messages
> Use encoding : UTF-8
>
>
> Results
> =======
>
> Failregex: 4 total
> |- #) [# of hits] regular expression
> | 1) [4] drupal([^|]*){3}\[<HOST>\].*Login attempt
failed.*$
> `-
>
> Ignoreregex: 0 total
>
> Date template hits:
> |- [# of hits] date format
> | [5] {^LN-BEG}(?:DAY )?MON Day
%k:Minute:Second(?:\.Microseconds)?(?: ExYear)?
> `-
>
> Lines: 5 lines, 0 ignored, 4 matched, 1 missed
> [processed in 0.01 sec]
>
> |- Missed line(s):
> | Feb 17 14:24:46 www
drupal[3981]:https://www.clubenaval.org.br/novo|1581949486|user|177.124.244.10|https://www.clubenaval.org.br/novo/?q=area_socio_entrada&destination=node/365|https://www.clubenaval.org.br/novo/?q=area_socio_entrada|15||Session
opened for chmviola
> `-
>
> Your English is good.
> Bill
>
> On 2/17/2020 11:53 AM, Henrique Fagundes wrote:
> Dear Dudi,Excuse me!Here is the right file:https://temporario.aprendendolinux.com/fail2ban/filter.d/drupal-auth.conf.txt ---- Ativado Seg, 17 fev 2020 13:13:10 -0300 Dudi Goldenberg <[email protected]> escreveu ----
> Hi, > > What is the content of drupal-auth.conf? You pasted drupal-comment.conf. > > Regards, > > D. > > -----Original Message----- > From: Henrique Fagundes [mailto:[email protected]] >
Sent: Monday, February 17, 2020 17:41 > To: Fail2ban Users <[email protected]> > Subject: [Fail2ban-users] Blocking Logins in Drupal 7 does not work! > > Dear Colleagues, > > Good afternoon! >
> But once, I come to enlist the help of this group. Some will certainly remember me, with the PhpMyAdmin problem that I ended up solving with the update. > > Now, I have the same problem with Drupal (and I cannot update it). I
can't get fail2ban to stop login attempts with error. > > What I find strange is that before migrating from server, it used version 0.9.6-2 of fail2ban in Debian 9.12 and it worked correctly. > > I migrated the server to a
CentOS 8.1 running fail2ban in version 0.10.5-2. And after that, the lock does not work. > > I will share the configuration files with you: > > /etc/fail2ban/jail.conf: >
https://temporario.aprendendolinux.com/fail2ban/jail.conf.txt > > /etc/fail2ban/filter.d/drupal-auth.conf: > https://temporario.aprendendolinux.com/fail2ban/filter.d/drupal-comment.conf.txt > > /var/log/messages: >
https://temporario.aprendendolinux.com/messages.txt > > I understand that the correct thing would be for fail2ban to block IP 177.124.244.10 after the third login attempt, but it is not happening. > > can anybody help me? >
> I apologize for the possible typos. I am Brazilian and I have difficulties with English. > > > _______________________________________________ > Fail2ban-users mailing list > [email protected] >
https://lists.sourceforge.net/lists/listinfo/fail2ban-users >_______________________________________________Fail2ban-users mailing [email protected]https://lists.sourceforge.net/lists/listinfo/fail2ban-users
_______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
