fail2ban/config/filter.d/zoneminder.conf

# Fail2Ban filter for Zoneminder login failures

[INCLUDES]
before = apache-common.conf

[Definition]

# pattern: [Wed Apr 27 23:12:07.736196 2016] [:error] [pid 2460] [client 10.1.1.1:47296] WAR [Login denied for user "test"], referer: https://zoneminderurl/index.php
#
#
# Option:  failregex
# Notes.:  regex to match the password failure messages in the logfile.

failregex = ^%(_apache_error_client)s WAR \[Login denied for user "[^"]*"\]

ignoreregex =

# Notes:
#	Tested on Zoneminder 1.29.0
#
# Author: John Marzella
added zoneminder.conf filter 2016-03-29 10:31:26 +00:00			`# Fail2Ban filter for Zoneminder login failures`
small review, prefix replaced with `%(_apache_error_client)s` from apache-common.conf include 2017-09-04 09:48:01 +00:00
			`[INCLUDES]`
			`before = apache-common.conf`
added zoneminder.conf filter 2016-03-29 10:31:26 +00:00
			`[Definition]`

changed zoneminder regex as per Sebres and yarikoptic recommendations 2016-04-30 05:26:36 +00:00			`# pattern: [Wed Apr 27 23:12:07.736196 2016] [:error] [pid 2460] [client 10.1.1.1:47296] WAR [Login denied for user "test"], referer: https://zoneminderurl/index.php`
added zoneminder.conf filter 2016-03-29 10:31:26 +00:00			`#`
			`#`
			`# Option: failregex`
small review, prefix replaced with `%(_apache_error_client)s` from apache-common.conf include 2017-09-04 09:48:01 +00:00			`# Notes.: regex to match the password failure messages in the logfile.`
added zoneminder.conf filter 2016-03-29 10:31:26 +00:00
small review, prefix replaced with `%(_apache_error_client)s` from apache-common.conf include 2017-09-04 09:48:01 +00:00			`failregex = ^%(_apache_error_client)s WAR \[Login denied for user "[^"]*"\]`
added zoneminder.conf filter 2016-03-29 10:31:26 +00:00
			`ignoreregex =`

			`# Notes:`
			`# Tested on Zoneminder 1.29.0`
			`#`
			`# Author: John Marzella`