[Linux-aus] python regex

Daniel Black daniel.subs at internode.on.net
Mon Oct 7 18:37:56 EST 2013


On 07/10/13 17:43, Nick Edwards wrote:
> Since this list seems to have a few python experts going by the
> previous thread, wondering if one can offer some advice
> 
> This is a fail2ban regex, seeking out nothing, or ",something", by this  mean

<HOST> is a fail2ban ism for matching a IP host and it isn't part of
python regex.

> 
> TLS/SSL connections will only match  rip=(?P<host>\S*),.*
> 
> But plain connections will only match on rip=(?P<host>\S*)

fail2ban matches on logs as it doesn't listen to network connections itself.

> neither includes the other, so at present we have duplication
> 
> (other_specific_matching_criteria).*rip=(?P<host>\S*)
> to match on plain, and
> (other_specific_matching_criteria).*rip=(?P<host>\S*),.*      to match
> on ,SSL/TLS/secure/whatever
> 
> these rules work, but surely there is a way to have one command, that,
> doesnt care if what it wants ends at host bit, or carries on, in perl
> this is deal simple, but not so in python

Fail2ban regex aren't anchored at the end automatic.

> 
> I have tried .*    since . is supposed to be 0 or 1

. is any character

http://docs.python.org/2/library/re.html


> , I have also tried .*?
> and a bunch of other variations.
> 
> Any suggestions?

1) use the fail2ban-regex tool

2) Try using this tool: https://www.debuggex.com/?flavor=python

Replace host> with (?:ipv4) to use this

3)

Provide specific log examples to the fail2ban list
(fail2ban-users at lists.sourceforge.net)







More information about the linux-aus mailing list