
custom.regex.pm temporary value ignored

Posted: 01 Apr 2020, 12:27
by roi5432
So I've built this custom lfd in custom.regex.pm:

Code:

if (($globlogs{CUSTOM9_LOG}{$lgfile}) and ($line =~ /^[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2} Invalid user login booting from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/)) {
	return ("Failed booting login from",$1,"booting",${LF_CUSTOMLOGIN},"80,443,8443",${LF_CUSTOMLOGIN_PERM});
}

In csf.conf I have these variables set:

Code:

CUSTOM9_LOG = "/var/log/customsecure"
LF_CUSTOMLOGIN = "10"
LF_CUSTOMLOGIN_PERM = "300"
LF_TRIGGER = "0"

All works fine: the IP is being read by the regex, and changing the LF_CUSTOMLOGIN value does change the trigger level, but the temporary value is being ignored and the ban is always set as a permanent block. Changing the '${LF_CUSTOMLOGIN_PERM}' substitution in custom.regex.pm to a static number (be it "300" or "3600") doesn't affect it and still causes a permanent block.
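
Added example, not part of the original post and not csf/lfd code: a stand-alone Perl check of the post's pattern against constructed log lines, showing which lines the rule would act on and what address it captures. The sample lines, the helper names `match_ip` and `plausible_ipv4`, and the exact log line format are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Pattern copied from the rule in the post. The %globlogs test is left out so
# the script runs without csf/lfd installed.
my $rule = qr/^[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2} Invalid user login booting from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/;

# Returns the captured address, or undef when the line does not match.
sub match_ip {
    my ($line) = @_;
    return $line =~ $rule ? $1 : undef;
}

# True when all four octets are in 0..255. The pattern only checks digit counts.
sub plausible_ipv4 {
    my ($ip) = @_;
    my @octets = split /\./, $ip;
    return @octets == 4 && !grep { $_ > 255 } @octets;
}

# Constructed sample lines (assumed format); addresses are from the RFC 5737
# documentation ranges.
my @samples = (
    'Apr 01 12:27:03 Invalid user login booting from 192.0.2.10',
    # Day padded with a space, as traditional syslog timestamps write days 1-9.
    'Apr  1 12:27:03 Invalid user login booting from 192.0.2.10',
    # Octet out of range: still three digits, so the pattern accepts it.
    'Apr 01 12:27:03 Invalid user login booting from 999.1.1.1',
    # Trailing text: the pattern is not anchored at the end of the line.
    'Apr 01 12:27:03 Invalid user login booting from 198.51.100.7 port 8443',
    # Different message text: must not match.
    'Apr 01 12:27:03 Accepted login booting from 203.0.113.5',
);

for my $line (@samples) {
    my $ip = match_ip($line);
    my $verdict = !defined $ip        ? 'no match'
                : plausible_ipv4($ip) ? "match, ip=$ip"
                :                       "match, ip=$ip (not a valid IPv4 address)";
    printf "%-75s => %s\n", $line, $verdict;
}
```

If the application writing the log ever emits space-padded days, the second sample shows those failures would go uncounted, so it is worth confirming against real lines from the log file.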