Match pam file lines

Question

I would like to parse pam files with the following two examples and look for deny configuration.

auth    required     pam_faillock.so authsucc deny=4 even_deny_root unlock_time=1200
auth    required     pam_faillock.so authsucc even_deny_root unlock_time=1200

The pattern should match both lines:

1 Line Match should return group1 "deny=4" and group2 "4"

2 Line Match should return empty group1 and empty group2

(^auth\s+required\s+pam_faillock\.so).*?(?(1) (deny\=(\d+))|(.*))

That is not quite clear. Try `^(?|.*?(deny=(\d*))|()())`. Or, if the beginning should be considered, try `^auth\s+required\s+pam_faillock\.so\s(?|.*?(deny=(\d*))|()())?` — Wiktor Stribiżew, Aug 23 '23 at 08:34
`(?(1)`..true case..`|`..false case..`)` is a conditional, because group1 is not optional will never look the false case, also in the first line dedny=4 is group 2 and 4 group 3 — Nahuel Fouilleul, Aug 23 '23 at 09:14
@WiktorStribiżew Great thanks, that was exactly what I was looking for. Is it possible to fill dummy data into a third group in the last match, even if the match is not present. `... |()()(dummydata))` — EricStolz, Aug 24 '23 at 19:26
No, it is not possible to *set* some default value via regex. It can only return what is present in the input text. — Wiktor Stribiżew, Aug 24 '23 at 19:56

score 1 · Accepted Answer · answered Aug 24 '23 at 19:58

You can use

^auth\s+required\s+pam_faillock\.so\s(?|.*?(deny=(\d*))|()())?

Details:

^auth\s+required\s+pam_faillock\.so - auth required pam_faillock.so string where the spaces can be one or many
\s - a single whitespace
(?|.*?(deny=(\d*))|()())? - an optional branch reset group that matches
- .*?(deny=(\d*)) - any zero or more chars other than line break chars as few as possible, then a Group 1 that captures deny= + zero or more digits that are themselves captured into Group 2
- | - or
- ()() - Group 1 and 2 that contain empty strings.

See the regex demo.

Match pam file lines

1 Answers1