Package: fail2ban
Version: 0.10.2-2.1
Severity: normal

There is a problem in the regex matching for the optional named-refused filter.

Log messages from named that should be matched by this filter are not being 
matched because the log pattern for the host is different than expected.

Specifically, it seems to be a problem with the prefregex portion of the 
pattern.
An example log line is:

Mar  4 07:32:52 myhost named[1390966]: client @0x7ff989af9780 124.81.141.74#53 (.): query (cache) './ANY/IN' denied

The stock prefregex is causing match failures because of the '@0x7ff989af9780 ' 
portion of the log message.


-- System Information:
Debian Release: 10.8
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-14-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages fail2ban depends on:
ii  lsb-base  10.2019051400
ii  python3   3.7.3-1

Versions of packages fail2ban recommends:
ii  iptables           1.8.2-4
ii  nftables           0.9.0-2
ii  python             2.7.16-1
ii  python3-pyinotify  0.9.6-1
ii  python3-systemd    234-2+b1
ii  whois              5.4.3

Versions of packages fail2ban suggests:
ii  bsd-mailx [mailx]            8.1.2-0.20180807cvs-1
pn  monit                        <none>
ii  rsyslog [system-log-daemon]  8.1901.0-1
ii  sqlite3                      3.27.2-3+deb10u1

-- no debconf information
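
The mismatch described in this report, reproduced as an added example (not part of the original report and not fail2ban's own code). STRICT and TOLERANT are simplified stand-ins for the filter's prefix pattern, not the shipped named-refused.conf; the second sample line is constructed.

```python
import re

# Simplified stand-ins for the filter's prefix pattern (assumptions, not the
# shipped named-refused.conf). A plain IPv4 group replaces fail2ban's <HOST>.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PREFIX = r"^\S+\s+\d+ [\d:]+ \S+ named\[\d+\]: "
TAIL = r"#\d+(?: \(\S+\))?: (?P<content>.+) denied\s*$"

# Expects the client address directly after "client ".
STRICT = re.compile(PREFIX + r"client " + HOST + TAIL)

# Accepts one optional "@0x<hex> " token before the address. The token is
# matched narrowly (not with ".*") so the host group stays pinned to the
# client field and cannot be taken from attacker-chosen query text.
TOLERANT = re.compile(PREFIX + r"client (?:@0x[0-9a-fA-F]+ )?" + HOST + TAIL)

SAMPLES = [
    # Log line quoted in the report.
    "Mar  4 07:32:52 myhost named[1390966]: client @0x7ff989af9780 "
    "124.81.141.74#53 (.): query (cache) './ANY/IN' denied",
    # Constructed line without the "@0x..." token.
    "Mar  4 07:32:53 myhost named[1390966]: client 192.0.2.10#4242 "
    "(example.com): query (cache) 'example.com/A/IN' denied",
]


def extract_host(pattern, line):
    """Return the client address the pattern would hand to the ban logic."""
    m = pattern.match(line)
    return m.group("host") if m else None


def coverage(pattern, lines):
    """Per-line result: extracted host, or None where the line is missed."""
    return [extract_host(pattern, line) for line in lines]


if __name__ == "__main__":
    for name, pat in (("strict", STRICT), ("tolerant", TOLERANT)):
        print(name, coverage(pat, SAMPLES))
```

A None entry marks a denied query that would never count toward a ban.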
