1

I try to write custom jail for PostgreSQL. My log line looks like this:

2025-01-24 14:43:17.769 CET [112253] postgres@postgres FATAL: no pg_hba.conf entry for host "x.x.x.x", user "postgres", database "postgres", SSL off

My fail2ban filter file:

[Definition] failregex = ^\s*\S+\s+\S+\s+\S+\s+\[\d+\]\s+\S+@\S+\s+FATAL:\s+no pg_hba\.conf entry for host "<ADDR>", user '<F-USER>.*</F-USER>', database '.*', SSL off.*$

After testing with this command:

echo '2025-01-24 14:43:17.769 CET [112253] postgres@postgres FATAL: no pg_hba.conf entry for host "x.x.x.x", user "postgres", database "postgres", SSL off' | fail2ban-regex - /etc/fail2ban/filter.d/postgresql.conf

Output:

Running tests ============= Use failregex filter file : postgresql, basedir: /etc/fail2ban Use single line : - Results ======= Failregex: 0 total Ignoreregex: 0 total Date template hits: Lines: 1 lines, 0 ignored, 0 matched, 1 missed [processed in 0.01 sec] |- Missed line(s): | - `-

What is wrong with regex?

Improve this question

1 Answer 1

Reset to default
0

While many command line utilities read from standard in when given the filename -, this has to be programmed into them, so unfortunately not all do, and fail2ban-regex is one which does not. You can see it states that the line it compared to your regex is -. That is, literally a one-character line, whose one character is -.

Instead of piping to fail2ban-regex, you need to provide the line as an argument:

fail2ban-regex \ '2025-01-24 14:43:17.769 CET [112253] postgres@postgres FATAL: no pg_hba.conf entry for host "x.x.x.x", user "postgres", database "postgres", SSL off' \ /etc/fail2ban/filter.d/postgresql.conf

If your line is not really coming from an echo command, but from another command:

fail2ban-regex \ "$(thecommand with args)" \ /etc/fail2ban/filter.d/postgresql.conf
Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.