github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

filter.d/murmur.conf: fixed detection of failures reading from journal (systemd-backend only): 

- extended with optional prefix for the systemd-journal (with second date-pattern as optional match);
- added `journalmatch` filtering;
closes gh-2043
pull/2048/head
sebres 2018-02-09 11:43:55 +01:00
parent 3e15343343
commit 19a5a2f8c0
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
config/filter.d/murmur.conf
View File

@ -1,11 +1,6 @@
# Fail2Ban filter for murmur/mumble-server # Fail2Ban filter for murmur/mumble-server
# #
[INCLUDES]
before = common.conf
[Definition] [Definition]
_daemon = murmurd _daemon = murmurd
@ -15,7 +10,13 @@ _daemon = murmurd
# variable in your server config file (murmur.ini / mumble-server.ini). # variable in your server config file (murmur.ini / mumble-server.ini).
_usernameregex = [^>]+ _usernameregex = [^>]+
_prefix = \s+\d+ => <\d+:%(_usernameregex)s\(-1\)> Rejected connection from <HOST>:\d+: # Prefix for systemd-journal (with second date-pattern as optional match):
#
__prefix_journal = (?:\S+\s+%(_daemon)s\[\d+\]:(?:\s+\<W\>[\d\-]+ [\d:]+.\d+)?)
__prefix_line = %(__prefix_journal)s?
_prefix = %(__prefix_line)s\s+\d+ => <\d+:%(_usernameregex)s\(-1\)> Rejected connection from <HOST>:\d+:
prefregex = ^%(_prefix)s <F-CONTENT>.+</F-CONTENT>$ prefregex = ^%(_prefix)s <F-CONTENT>.+</F-CONTENT>$
@ -26,6 +27,8 @@ ignoreregex =
datepattern = ^<W>{DATE} datepattern = ^<W>{DATE}
journalmatch = _SYSTEMD_UNIT=murmurd.service + _COMM=murmurd
# DEV Notes: # DEV Notes:
# #
# Author: Ross Brown # Author: Ross Brown