How To Restore Deleted Module?

I deleted the Fail2ban module because I want to use CSF, but CSF can’t block SASL brute force attacks even with a custom regex. So I want to install the Fail2ban module again, but Fail2ban no longer shows under Un-used Modules. I already tried Refresh Modules and it still does not show.

How to install Fail2ban again?
Thanks.

SYSTEM INFORMATION
OS type and version: Ubuntu 22.04
Webmin version: 2.102

Hello,

You could simply run apt-get install --reinstall webmin to restore any deleted files from the original package.

No, CSF can block absolutely anything based on the custom regex rule.

Please help me make a CSF custom regex rule work. I have already followed tutorials to block SASL brute force attacks, but it does not work.

Thanks.

Please note that making a working CSF custom regex may be time consuming. What regex have you tried that didn’t work?

I tried this tutorial, "How to block SASL login attacks in zimbra using csf - ITBlog by webdigg", but LFD does not block the SASL brute force.

Then I tried changing to a simpler regex:

if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ m/SASL LOGIN authentication failed/)) {
    return ("Failed SASL login from",$1,"mysaslmatch","2","25,465,587","1");
}

but it still does not work.

I have tried that regex at Perl Playground and it works, but LFD still does not block the SASL brute force.

They document it pretty well in their examples. Your regex needs to catch and pass an IP address to block, e.g.:

SASL\s+PLAIN\s+authentication\s+failed:.*\[\s*(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s*\]

Also, make sure that the right log file is used for CUSTOM1_LOG in your CSF configuration.

Anyway, the right place to ask your question is:

https://forum.configserver.com/
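The capture-group point above, as an added example that is not part of the thread or CSF's own code: a stand-alone Perl harness that runs the rule as posted and a capturing variant over constructed log lines and prints what lands in the IP slot of the returned list. The log layout (modelled on Postfix smtpd warnings), the sub names and the capturing pattern are assumptions, and the `$globlogs{CUSTOM1_LOG}` log-file check is left out.

```perl
#!/usr/bin/perl
# Added example: stand-alone harness, not CSF's regex.custom.pm or LFD itself.
use strict;
use warnings;

# Constructed sample lines; the layout is an assumption modelled on Postfix
# smtpd warnings, and the addresses come from the documentation ranges.
my @log = (
    'Jan 10 12:00:01 mail postfix/smtpd[1234]: warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: authentication failure',
    'Jan 10 12:00:02 mail postfix/smtpd[1235]: warning: unknown[198.51.100.7]: SASL PLAIN authentication failed:',
    'Jan 10 12:00:03 mail postfix/smtpd[1236]: connect from unknown[192.0.2.10]',
);

# Rule as posted in the thread: the text matches, but the pattern has no
# capture group, so $1 is undefined and no IP reaches the caller.
sub rule_no_capture {
    my ($line) = @_;
    if ($line =~ m/SASL LOGIN authentication failed/) {
        return ("Failed SASL login from", $1, "mysaslmatch", "2", "25,465,587", "1");
    }
    return;
}

# Hypothetical capturing variant written for the sample layout above:
# the bracketed client address is captured into $1.
sub rule_with_capture {
    my ($line) = @_;
    if ($line =~ m/\[\s*(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s*\]:\s+SASL\s+(?:LOGIN|PLAIN)\s+authentication\s+failed/) {
        return ("Failed SASL login from", $1, "mysaslmatch", "2", "25,465,587", "1");
    }
    return;
}

for my $rule ([no_capture => \&rule_no_capture], [with_capture => \&rule_with_capture]) {
    my ($name, $code) = @$rule;
    for my $line (@log) {
        my @r = $code->($line);
        next unless @r;    # rule did not fire on this line
        my $ip = (defined $r[1] && length $r[1]) ? $r[1] : '(none)';
        printf "%-13s matched, IP passed to blocker: %s\n", $name, $ip;
    }
}
```

Replacing the constructed lines with a few real lines copied from the file configured as CUSTOM1_LOG shows whether a pattern both fires and yields an address before it goes into the CSF rule.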

You didn’t need to delete the Fail2Ban module, and CSF would have disabled it, from memory.