I recently switched to Fail2ban v0.11.2 and everything works fine except my jail for NX Nomachine.
The parsed log file:
Nomachine provides a filter:
fail2ban error log:
Running fail2ban-regex reports errors
I see a thread here on GitHub with the same error message but did not really understand what is going on. The computer is running Slackware -current (15). The Slackware fail2ban package build script is located here
Replies: 1 comment 1 reply
This is a known (and already fixed) bug...
See #3020 (comment)
You could avoid it without patching fail2ban by using a more precise anchored datepattern:
[Definition]
datepattern = \son (?:%%a )?%%b %%d %%k:%%M:%%S(?:\.%%f)?(?: %%Y)?\.$
failregex = ^Info: Connection from <ADDR>
Strange filter... How is it intended to work without false positives? For instance, how shall it ignore legitimate users connecting more than 5 times in 4 hours (related to your jail settings)?
Fail2ban extracts the date matching some (default) datepattern (needed to consider the time of failure), but since the time is at the end of the string (really "bad" practice for logging), it is variable in its position, so fail2ban had trouble checking whether the pattern found something looking like a timestamp with an unanchored pattern (protection against injection of foreign user input).
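An added example, not part of the original reply and not fail2ban's own code: a Python illustration of why the end-anchored datepattern above selects the trailing timestamp wherever it sits in the line, while the same pattern without `\.$` latches onto the first date-like text. The directive-to-regex table is a simplified assumption, and the sample log lines are constructed, not taken from a real NoMachine log.

```python
import re

# Simplified regex stand-ins for the strptime-style directives in the
# datepattern above (assumption: fail2ban's real expansion is more thorough).
DIRECTIVES = {
    "a": r"(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun)",
    "b": r"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)",
    "d": r"[ 0-3]?\d",
    "k": r"[ 0-2]?\d",
    "M": r"[0-5]\d",
    "S": r"[0-6]\d",
    "f": r"\d{1,6}",
    "Y": r"\d{4}",
}

ANCHORED = r"\son (?:%%a )?%%b %%d %%k:%%M:%%S(?:\.%%f)?(?: %%Y)?\.$"
UNANCHORED = ANCHORED[: -len(r"\.$")]  # same pattern without the end anchor


def compile_datepattern(conf_value):
    """Turn a datepattern as written in a filter .conf into a compiled regex."""
    # '%%' in the .conf file is an escaped '%' (config interpolation).
    pattern = conf_value.replace("%%", "%")
    return re.compile(re.sub(r"%([A-Za-z])", lambda m: DIRECTIVES[m.group(1)], pattern))


def find_date(conf_value, line):
    """Return (offset, text) of the date the pattern selects, or None."""
    m = compile_datepattern(conf_value).search(line)
    return (m.start(), m.group(0).strip()) if m else None


# Constructed sample lines (not taken from a real NoMachine log).
SAMPLES = [
    "Info: Connection from 192.0.2.10 port 51234 accepted on Tue Mar 16 14:05:09 2021.",
    "Info: Connection from 2001:db8::a:7 port 4022 accepted on Tue Mar 16  9:41:30 2021.",
    # Date-like text earlier in the line, before the real trailing timestamp.
    "Info: Session opened on Mon Mar 15 08:00:00 2021 closed on Tue Mar 16 14:07:55 2021.",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print("anchored  :", find_date(ANCHORED, line))
        print("unanchored:", find_date(UNANCHORED, line))
```

On the third sample the anchored pattern reports the final timestamp, whereas the unanchored variant reports the earlier date-like text, which would give the wrong time of failure.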