Package: fail2ban
Version: 0.7.5-2
Debian version: Etch

The "fail2ban-regex" command has problems with the input parameters.
When I invoke "fail2ban-regex /var/log/auth.log
/etc/fail2ban/filter.d/sshd.conf" it ends up with a "Sorry, no match" result.

[code]
jozjan:~# fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf

Sorry, no match
[/code]

When I invoke "fail2ban-regex foo foo" it ends up with this message:

[code]
jozjan:~# fail2ban-regex foo foo

Found a match but no valid date/time found for foo. Please contact the
author in order to get support for this format

Sorry, no match
[/code]


The Sarge version from official backports seems to work:

[code]
ns:~# fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf

Running tests
=============

Use regex file : /etc/fail2ban/filter.d/sshd.conf
Use log file   : /var/log/auth.log


Results
=======

Failregex
|- Regular expressions:
|  [1] (?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
|  [2] Failed [-/\w]+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?\s*$
|  [3] ROOT LOGIN REFUSED.* FROM <HOST>\s*$
|  [4] [iI](?:llegal|nvalid) user .* from <HOST>\s*$
|  [5] User .+ from <HOST> not allowed because not listed in AllowUsers\s*$
|  [6] User .+ from <HOST> not allowed because none of user's groups are
listed in AllowGroups\s*$
|
`- Number of matches:
   [1] 0 match(es)
   [2] 58 match(es)
   [3] 0 match(es)
   [4] 0 match(es)
   [5] 0 match(es)
   [6] 0 match(es)

Ignoreregex
|- Regular expressions:
|
`- Number of matches:

Summary
=======

Addresses found:
[1]
[2]
    147.x.x.x (Thu Nov 22 02:00:59 2007)
    147.x.y.z (Thu Nov 22 02:03:05 2007)
    ...
[3]
[4]
[5]
[6]

Date template hits:
58 hit(s): Month Day Hour:Minute:Second
0 hit(s): Weekday Month Day Hour:Minute:Second Year
0 hit(s): Weekday Month Day Hour:Minute:Second
0 hit(s): Year/Month/Day Hour:Minute:Second
0 hit(s): Day/Month/Year:Hour:Minute:Second
0 hit(s): Year-Month-Day Hour:Minute:Second
0 hit(s): Day-Month-Year Hour:Minute:Second[.Millisecond]
0 hit(s): TAI64N
0 hit(s): Epoch

Success, the total number of match is 58

However, look at the above section 'Running tests' which could contain
important
information.
[/code]

However, the Sarge backport version is 0.8.1-2~bpo31+1, which is a "complete
rewrite of 0.7 version", so maybe the behavior of fail2ban-regex in the 0.7
brand is a bit different. But whatever the behavior is, it's not working in
Etch :-(

Thank you.

All the best,
   Jozef Janitor



