Navigation

    Logo
    • Register
    • Login
    • Search
    • Recent
    • Tags
    • Unread
    • Categories
    • Unreplied
    • Popular
    • GitHub
    • Docu
    • Hilfe
    1. Home
    2. Deutsch
    3. Off Topic
    4. fail2ban failregex

    NEWS

    • ioBroker@Smart Living Forum Solingen, 14.06. - Agenda added

    • ioBroker goes Matter ... Matter Adapter in Stable

    • Monatsrückblick - April 2025

    fail2ban failregex

    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      BenjaminCz last edited by BenjaminCz

      Hallo,
      ich habe fail2ban am laufen und wollte gerne pgadmin4 absichern.

      Ich habe folgenden Auszug aus dem log bei einem fehlgeschlagenen logversuch:

      [Mon Dec 18 19:47:09.067181 2023] [wsgi:error] [pid 13484:tid 140319788598976] [remote xxx.xxx.xxx.xx:50511] connection to server at "xxx.xxx.xxx.xxx", port 5432 failed: FATAL:  password authentication failed for user "user"
      

      Ich habe im fail2ban filder folgendes stehen:

      [Definition]
      failregex = ^.*FATAL\: password authentication failed for user "user"*\"ip\"\:\"<HOST>\".*$
      

      und im jail:

      [pgadmin]
      enabled = true
      filter = pgadmin
      logpath = /var/log/apache2/pgadmin-error.log
      maxretry = 3
      bantime = 1d
      port = 5432,http,https
      

      Leider funktioniert es nicht also fail2ban sagt im jail immer fehlgeschlagene versuche = 0.
      Leider habe ich auch nichts im web gefunden wo erklärt ist wie das failregex aufgebaut ist. Kann mir da jemand weiterhelfen ?

      Vielen Dank und Schöne Feiertage !

      un99known99 1 Reply Last reply Reply Quote 0
      • un99known99
        un99known99 @BenjaminCz last edited by

        @benjamincz
        Hi,
        Du kannst Deinen Filter testen mit
        fail2ban-regex -v /var/log/DEINLOG.log /etc/fail2ban/filter.d/DEINEAPPLIKATION.conf

        B 1 Reply Last reply Reply Quote 0
        • B
          BenjaminCz @un99known99 last edited by

          @un99known99 ok super Danke probiere ich heute mal aus. Nur im vorfeld was genau zeigt mit fail2ban dann an ob der filter greift oder nur fehler oder gar info wie ich den filter programmieren soll ? Sorry bin ziemlich neu in dem thema also sshd funktioniert PostgreSQL auch nur brauche ich noch das pgadmin4 dann habe ich alles.
          Allerdings habe ich bei sshd und postgresql im internet schon passende failregex gefunden.

          Danke nochmals!

          1 Reply Last reply Reply Quote 0
          • B
            BenjaminCz last edited by

            Habe es ausprobiert und bekomme folgende Meldung:

            Running tests
            =============
            
            Use   failregex filter file : pgadmin, basedir: /etc/fail2ban
            Use         log file : /var/log/apache2/pgadmin-error.log
            Use         encoding : UTF-8
            
            
            Results
            =======
            
            Failregex: 0 total
            |-  #) [# of hits] regular expression
            |   1) [0] ^.*FATAL\: password authentication failed for user "postgres"*\"ip\"\:\"<HOST>\".*$
            `-
            
            Ignoreregex: 0 total
            
            Date template hits:
            |- [# of hits] date format
            |  [1141] {^LN-BEG}(?:DAY )?MON Day %k:Minute:Second(?:\.Microseconds)?(?: ExYear)?
            |  [0] {^LN-BEG}ExYear(?P<_sep>[-/.])Month(?P=_sep)Day(?:T|  ?)24hour:Minute:Second(?:[.,]Microseconds)?(?:\s*Zone offset)?
            |  [0] {^LN-BEG}(?:DAY )?MON Day ExYear %k:Minute:Second(?:\.Microseconds)?
            |  [0] {^LN-BEG}Day(?P<_sep>[-/])Month(?P=_sep)(?:ExYear|ExYear2) %k:Minute:Second
            |  [0] {^LN-BEG}Day(?P<_sep>[-/])MON(?P=_sep)ExYear[ :]?24hour:Minute:Second(?:\.Microseconds)?(?: Zone offset)?
            |  [0] {^LN-BEG}Month/Day/ExYear:24hour:Minute:Second
            |  [0] {^LN-BEG}Month-Day-ExYear %k:Minute:Second(?:\.Microseconds)?
            |  [0] {^LN-BEG}Epoch
            |  [0] {^LN-BEG}ExYear2ExMonthExDay  ?24hour:Minute:Second
            |  [0] {^LN-BEG}MON Day, ExYear 12hour:Minute:Second AMPM
            |  [0] {^LN-BEG}ExYearExMonthExDay(?:T|  ?)Ex24hourExMinuteExSecond(?:[.,]Microseconds)?(?:\s*Zone offset)?
            |  [0] {^LN-BEG}(?:Zone name )?(?:DAY )?MON Day %k:Minute:Second(?:\.Microseconds)?(?: ExYear)?
            |  [0] {^LN-BEG}(?:Zone offset )?(?:DAY )?MON Day %k:Minute:Second(?:\.Microseconds)?(?: ExYear)?
            |  [0] {^LN-BEG}TAI64N
            |  [0] ExYear(?P<_sep>[-/.])Month(?P=_sep)Day(?:T|  ?)24hour:Minute:Second(?:[.,]Microseconds)?(?:\s*Zone offset)?
            |  [0] (?:DAY )?MON Day %k:Minute:Second(?:\.Microseconds)?(?: ExYear)?
            |  [0] (?:DAY )?MON Day ExYear %k:Minute:Second(?:\.Microseconds)?
            |  [0] Day(?P<_sep>[-/])Month(?P=_sep)(?:ExYear|ExYear2) %k:Minute:Second
            |  [0] Day(?P<_sep>[-/])MON(?P=_sep)ExYear[ :]?24hour:Minute:Second(?:\.Microseconds)?(?: Zone offset)?
            |  [0] Month/Day/ExYear:24hour:Minute:Second
            |  [0] Month-Day-ExYear %k:Minute:Second(?:\.Microseconds)?
            |  [0] Epoch
            |  [0] {^LN-BEG}24hour:Minute:Second
            |  [0] ^<Month/Day/ExYear2@24hour:Minute:Second>
            |  [0] ExYear2ExMonthExDay  ?24hour:Minute:Second
            |  [0] MON Day, ExYear 12hour:Minute:Second AMPM
            |  [0] ^MON-Day-ExYear2 %k:Minute:Second
            |  [0] ExYearExMonthExDay(?:T|  ?)Ex24hourExMinuteExSecond(?:[.,]Microseconds)?(?:\s*Zone offset)?
            |  [0] (?:Zone name )?(?:DAY )?MON Day %k:Minute:Second(?:\.Microseconds)?(?: ExYear)?
            |  [0] (?:Zone offset )?(?:DAY )?MON Day %k:Minute:Second(?:\.Microseconds)?(?: ExYear)?
            |  [0] TAI64N
            `-
            
            Lines: 1141 lines, 0 ignored, 0 matched, 1141 missed
            [processed in 0.03 sec]
            
            Missed line(s): too many to print.  Use --print-all-missed to print all 1141 lines
            

            Weiter komme ich leider nicht 😞

            1 Reply Last reply Reply Quote 0
            • First post
              Last post

            Support us

            ioBroker
            Community Adapters
            Donate

            945
            Online

            31.7k
            Users

            79.8k
            Topics

            1.3m
            Posts

            2
            4
            539
            Loading More Posts
            • Oldest to Newest
            • Newest to Oldest
            • Most Votes
            Reply
            • Reply as topic
            Log in to reply
            Community
            Impressum | Datenschutz-Bestimmungen | Nutzungsbedingungen
            The ioBroker Community 2014-2023
            logo