Package: fail2ban Version: 0.8.3-2sid1 Severity: normal
Hello, fail2ban fails to catch pure-ftpd password guessing attempts. I have manually tried the regular expression that was there, originally, and it didn't match the affected log lines. Then I changed it to this: pure-ftpd(?:\[\d+\])?: (.*@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$ (ie, not pure-ftpd(?:\[\d+\])?: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$ ) but still, no password guessing attempts are being caught. Increasing the log level to "DEBUG" only creates tons of noise about changing files, but I could not find anything about applying the regular expression, or about how all the variables are substituted in it (w/o reading the source code). Currently, I have this in jail.local: [pure-ftpd] enabled = true port = ftp,ftp-data,ftps,ftps-data filter = pure-ftpd logpath = /var/log/messages banaction = iptables-allports maxretry = 3 bantime = 1800 Kind regards, --Toni++ -- System Information: Debian Release: 5.0.3 APT prefers stable APT policy: (990, 'stable'), (500, 'proposed-updates'), (450, 'testing'), (250, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-2-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
