-
Notifications
You must be signed in to change notification settings - Fork 5.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fail2Ban Sample Configuration is Outdated #1177
Comments
@61214577 Instead of opening an issue, kindly make a PR for this instead. Thanks. |
Ah right the format changed. Your regex looks like it should match the
new format: https://regex101.com/r/4dnbf2/1
I'm not very familiar with fail2ban; is it possible <HOST> is choking on
the IPv6 address?
|
code-asher
added a commit
that referenced
this issue
Nov 14, 2019
This had to do with Ubuntu's apt providing an older version of fail2ban. Support for the type of datepattern regex used in the code-server configuration was added in the v0.10. Installing the latest release from the fail2ban github repo fixed the issue. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
The provided fail2ban configuration is outdated and does not work. The format of the access log has apparently been changed.
This is what an entry on the access log looks like:
Failed login attempt {"remoteAddress":"::ffff:127.0.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0","timestamp":1573554454}
This does not match with the fail regex provided in the sample fail2ban configuration:
I have attempted to modify the fail regex for the new log format but have not been able to get the syntax correct. My regex is the following:
I am unable to get a match when testing with fail2ban-regex.
The text was updated successfully, but these errors were encountered: