Hello, i have followed the tut http://www.howtoforge.com/configuring-fail2ban-with-squirrelmail-on-centos-5.3-ispconfig-3 and have completed all steps by the book (triple checked this one). The squirrelmail_access_log has been created and there are 4 failed tries like: 04/18/2012 09:46:23 [LOGIN_ERROR] admin@domainname (localhost) from xxx.xxx.xxx.xxx: Unknown user or password incorrect. After i use the fail2ban-regex /var/lib/squirrelmail/prefs/squirrelmail_access_log /etc/fail2ban/filter.d/squirrelmail.conf i get the Following error: Running tests ============= Use regex file : /etc/fail2ban/filter.d/squirrelmail.conf Use log file : /var/lib/squirrelmail/prefs/squirrelmail_access_log Traceback (most recent call last): File "/usr/bin/fail2ban-regex", line 372, in ? fail2banRegex.testRegex(line) File "/usr/bin/fail2ban-regex", line 225, in testRegex ret = self.__filter.processLine(line) File "/usr/share/fail2ban/server/filter.py", line 265, in processLine return self.findFailure(timeLine, logLine) File "/usr/share/fail2ban/server/filter.py", line 311, in findFailure date = self.dateDetector.getUnixTime(timeLine) File "/usr/share/fail2ban/server/datedetector.py", line 167, in getUnixTime date = self.getTime(line) File "/usr/share/fail2ban/server/datedetector.py", line 156, in getTime date = template.getDate(line) File "/usr/share/fail2ban/server/datetemplate.py", line 140, in getDate date = list(time.strptime(conv, pattern)) File "/usr/lib64/python2.4/_strptime.py", line 287, in strptime format_regex = time_re.compile(format) File "/usr/lib64/python2.4/_strptime.py", line 264, in compile return re_compile(self.pattern(format), IGNORECASE) File "/usr/lib64/python2.4/sre.py", line 180, in compile return _compile(pattern, flags) File "/usr/lib64/python2.4/sre.py", line 227, in _compile raise error, v # invalid expression sre_constants.error: redefinition of group name 'Y' as group 7; was group 3 As you can see my python version is 2.4, the Fail2ban version is 0.8.4-29.el5(epel) though i have tried this on the 8.2 with the same error( i did upgrade to 8.4 since two days now). I have also followed the instructions on this topic (exacly the same problem but python 2.6) https://www.centos.org/modules/newbb/viewtopic.php?topic_id=32369 without success...any one has this problem solved? I admit giving up on this one although a system is as strong as your weekest link :S
Hello, This is it: # Fail2Ban configuration file # # Author: Bill Landry ((email_protected)) # # $Revision: 510 $ [Definition] # Option: failregex # Notes.: regex to match the password failures messages in the logfile. The # host must be matched by a group named "host". The tag "" can # be used for standard IP/hostname matching and is only an alias for # (?:::f{4,6}?(?P\S+) # Values: TEXT failregex = \[LOGIN_ERROR\].*from <HOST>: Unknown user or password incorrect # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. # Values: TEXT ignoreregex =
I did a :set fileformat=unix just to be sure... Unfortunately i have goggled everything i could think of with no result... I hope someone sees this topic and perhaps make a suggestion that will help. Thanks for your time falko!
