github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Add Centreon jail

pull/2550/head
CPbN 2019-10-23 09:14:26 +02:00
parent 5e3fef1631
commit 18ba714f97
3 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
config/filter.d/centreon.conf Normal file
View File

@ -0,0 +1,9 @@
# Fail2Ban filter for Centreon Web
# Detecting unauthorized access to the Centreon Web portal
# typically logged in /var/log/centreon/login.log
[Init]
datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S
[Definition]
failregex = ^\[0-9-]*\|[0-9-]*\|\[0-9-]*|\[[^]]*\] \[<HOST>\] Authentication failed for '.+' :

3
config/jail.conf
View File

@ -820,6 +820,9 @@ udpport = 1200,27000,27001,27002,27003,27004,27005,27006,27007,27008,27009,27010
action = %(banaction)s[name=%(__name__)s-tcp, port="%(tcpport)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
%(banaction)s[name=%(__name__)s-udp, port="%(udpport)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
[centreon]
logpath = /var/log/centreon/login.log
# consider low maxretry and a long bantime
# nobody except your own Nagios server should ever probe nrpe
[nagios]

4
fail2ban/tests/files/logs/centreon Normal file
View File

@ -0,0 +1,4 @@
# Access of unauthorized host in /var/log/centreon/login.log
# failJSON: { "time": "2019-10-21T18:55:15", "match": true , "host": "50.97.225.132" }
2019-10-21 18:55:15|-1|0|0|[WEB] [50.97.225.132] Authentication failed for 'admin' : password mismatch