1/20/2021

Fail2ban Multi-Line Regex

I felt so stupid not to have thought of it earlier; maybe I can spare you some time by writing this.

As you probably know, fail2ban can match multi-line regular expressions; you can simply use \n to match a newline character.

I had developed and tested such a regex using https://regex101.com/. I can recommend that site, it is a big help.

Once the tests were successful, I wrote a fail2ban filter and tested it using fail2ban-regex. No joy. I shortened the regular expression until I got a match. But as soon as I added anything, even a dot to match any character, I got no matches again.

I have no idea why it took me so long to remember that fail2ban will by default only pass a single line to the regex, so any multi-line regex is bound to fail.

This is easy to fix: after passing the maxlines parameter to fail2ban-regex, the filter worked as designed. Then I only had to set the same parameter in the jail definition and was done.

So, when writing multi-line regular expressions for fail2ban, I hope you will be quicker than me to remember setting maxlines.
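
The behaviour described above, as an added example that is not part of the original post and is not fail2ban's own code: a simplified model of a line buffer showing why a regex containing \n cannot match while only one line at a time reaches it. The log lines, the pattern and the scan function are constructed for illustration.

```python
import re

# Constructed sample log: each failure spans two consecutive lines.
SAMPLE_LOG = """\
Jan 20 10:00:01 host app[101]: connection from 203.0.113.7
Jan 20 10:00:01 host app[101]: authentication failed
Jan 20 10:00:05 host app[102]: connection from 198.51.100.9
Jan 20 10:00:05 host app[102]: session opened
Jan 20 10:00:09 host app[103]: connection from 203.0.113.7
Jan 20 10:00:09 host app[103]: authentication failed
""".splitlines()

# Hypothetical two-line pattern: \n joins the "connection" line to the
# "authentication failed" line of the same process id.
FAILREGEX = re.compile(
    r"app\[(?P<pid>\d+)\]: connection from (?P<host>\S+)\n"
    r".*app\[(?P=pid)\]: authentication failed$",
    re.MULTILINE,
)


def scan(lines, regex, maxlines=1):
    """Feed lines one by one, keeping only the last `maxlines` lines in a
    buffer, and search the buffer joined with newlines (simplified model)."""
    buffer, hits = [], []
    for line in lines:
        buffer = (buffer + [line])[-maxlines:]
        match = regex.search("\n".join(buffer))
        if match:
            hits.append(match.group("host"))
            buffer = []  # simplification: drop buffered lines after a hit
    return hits


if __name__ == "__main__":
    # One line at a time: the text never contains a newline, so no match.
    print("maxlines=1:", scan(SAMPLE_LOG, FAILREGEX, maxlines=1))
    # Two lines buffered: both halves of the pattern are visible together.
    print("maxlines=2:", scan(SAMPLE_LOG, FAILREGEX, maxlines=2))
```
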

1/04/2021

smbd on Linux and Windows Authentication

A common setup is to have the Windows and Unix username and password match, so that you do not always have to type in your password when connecting to a Linux share.

In my case this just did not work out, even after I added this to my smb.conf:

ntlm auth = yes

It still asked for my password.

After having fiddled around for almost a day, this was the solution: do not trust the smbd defaults; instead, state them explicitly like so:

ntlm auth = yes
lanman auth = no
client lanman auth = no

After this change, everything worked as expected. It beats me why smbd does not seem to know its own defaults ;-)

Many solutions on the web mentioned that you could set the security policy on Windows to NTLMv2. While this works, it does not seem to be the right approach to me, as you will have to apply this change to every single machine. A change on the server side made much more sense to me.

Hoping that this may help others who run into the same issue.
