Hi all,
If I enter this on the command line, it prints the results:
fail2ban-regex /var/log/mail.log "reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 Client host rejected:"
Running tests
=============
Use regex line : reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 Clien...
Use log file : /var/log/mail.log
Results
=======
Failregex
|- Regular expressions:
| [1] reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 Client host rejected:
|
`- Number of matches:
[1] 245 match(es)
Ignoreregex
|- Regular expressions:
|
`- Number of matches:
Summary
=======
Addresses found:
[1]
213.142.148.150 (Sun Nov 24 06:29:39 2019)
...
41.228.74.129 (Mon Nov 25 16:05:55 2019)
Date template hits:
16986 hit(s): MONTH Day Hour:Minute:Second
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second
0 hit(s): Year/Month/Day Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
0 hit(s): Day/MONTH/Year:Hour:Minute:Second
0 hit(s): Month/Day/Year:Hour:Minute:Second
0 hit(s): Year-Month-Day Hour:Minute:Second
0 hit(s): Year.Month.Day Hour:Minute:Second
0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond]
0 hit(s): Day-Month-Year Hour:Minute:Second
0 hit(s): TAI64N
0 hit(s): Epoch
0 hit(s): ISO 8601
0 hit(s): Hour:Minute:Second
0 hit(s): <Month/Day/Year@Hour:Minute:Second>
Success, the total number of match is 245
However, look at the above section 'Running tests' which could contain important
information.
If I build something similar into a conf file:
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision$
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
_daemon = postfix/smtpd
#NOQUEUE: reject: RCPT from unknown[213.142.148.190]: 450 4.7.1 Client host rejected:
failregex = ^%(__prefix_line)sreject: RCPT from \S+\[<HOST>\]$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
and run this:
fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/postfix.conf
then I get this:
Running tests
=============
Use regex file : /etc/fail2ban/filter.d/postfix.conf
Use log file : /var/log/mail.log
Results
=======
Failregex
|- Regular expressions:
| [1] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?postfix/smtpd(?:\(\S+\))?[\]\)]?:?|[\[\(]?postfix/smtpd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*reject: RCPT from \S+\[<HOST>\]$
|
`- Number of matches:
[1] 0 match(es)
Ignoreregex
|- Regular expressions:
|
`- Number of matches:
Summary
=======
Sorry, no match
Look at the above section 'Running tests' which could contain important
information.
Why doesn't the "shorter/weaker" regexp perform the way it does when I just type it on the command line?
Comments
Found the solution:
failregex = NOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 Client host rejected: cannot find your hostname
            NOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.1\.8 <[^<>]*>: Sender address rejected: Domain not found
            NOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 <[^<>]*>: Helo command rejected: Host not found
Only these lines went into the conf, without the $ and the prefix line. It works great this way.
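Added example (not part of the original posts and not fail2ban's own code): a Python check of why the filter-file regex found 0 matches while the command-line regex found 245. It assumes a constructed log line with the timestamp already removed, a simplified IPv4-only stand-in for <HOST>, and one hypothetical variant (the last candidate) that keeps the anchored prefix.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Expanded %(__prefix_line)s, copied from the fail2ban-regex output in the question.
PREFIX = (r"^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?"
          r"(?:(?:\[\d+\])?:\s+[\[\(]?postfix/smtpd(?:\(\S+\))?[\]\)]?:?"
          r"|[\[\(]?postfix/smtpd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*")

CANDIDATES = {
    # The filter as posted: prefix must be followed directly by "reject:",
    # and "$" demands that the line ends right after "]".
    "filter file as posted": PREFIX + r"reject: RCPT from \S+\[<HOST>\]$",
    "only $ removed": PREFIX + r"reject: RCPT from \S+\[<HOST>\]",
    "only prefix removed": r"reject: RCPT from \S+\[<HOST>\]$",
    # The regex typed on the command line: unanchored, no "$".
    "command-line regex":
        r"reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 Client host rejected:",
    # Hypothetical variant: keep the prefix but account for "NOQUEUE: ".
    "prefix kept, NOQUEUE added":
        PREFIX + r"NOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 ",
}

# Constructed sample line (hostname, PID and address are made up).
SAMPLE = (" mail postfix/smtpd[1234]: NOQUEUE: reject: RCPT from "
          "unknown[192.0.2.10]: 450 4.7.1 Client host rejected: "
          "cannot find your hostname, [192.0.2.10]; proto=ESMTP")

def banned_host(failregex, line=SAMPLE):
    """Return the host the regex would report, or None if it does not match."""
    m = re.search(failregex.replace("<HOST>", HOST), line)
    return m.group("host") if m else None

def evaluate():
    """Run every candidate regex against the sample line."""
    return {name: banned_host(rx) for name, rx in CANDIDATES.items()}

if __name__ == "__main__":
    for name, host in evaluate().items():
        print(f"{name:28} -> {host}")
```

Removing only the `$` or only the prefix still yields no match: the prefix stops at `postfix/smtpd[1234]:` and the next token in the log is `NOQUEUE:`, not `reject:`, while `$` fails because the line continues with `: 450 4.7.1 ...` after the bracketed address.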