From 1d6ff0685683213a22f26aa0707a0015c375d264 Mon Sep 17 00:00:00 2001
From: sebres <info@sebres.de>
Date: Mon, 31 Mar 2025 02:28:40 +0200
Subject: [PATCH] amend to a0093b557e920d5635ee714b8ba87c4b588651fe: filter
 only readable journal files by retrieving non-rotated files (if user is not
 root)

---
 fail2ban/server/filtersystemd.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/fail2ban/server/filtersystemd.py b/fail2ban/server/filtersystemd.py
index feddc6e0..ce6600e3 100644
--- a/fail2ban/server/filtersystemd.py
+++ b/fail2ban/server/filtersystemd.py
@@ -63,7 +63,7 @@ def _globJournalFiles(flags=None, path=None):
 			filesSet |= set(glob(_join(p,'system.journal'))) - set(glob(_join(p,'system*@*.journal')))
 		# current user-journal:
 		if (flags is not None) and (flags & journal.CURRENT_USER):
-			uid = os.getuid()
+			uid = os.geteuid()
 			filesSet |= set(glob(_join(p,('user-%s.journal' % uid)))) - set(glob(_join(p,('user-%s@*.journal' % uid))))
 		# all local journals:
 		if (flags is None) or not (flags & (journal.SYSTEM_ONLY|journal.CURRENT_USER)):
@@ -77,7 +77,10 @@ def _globJournalFiles(flags=None, path=None):
 			_addJF(filesSet, _join(_getSystemdPath('system-state-logs'), 'journal/*'), flags)
 		# runtime journals corresponding flags:
 		_addJF(filesSet, _join(_getSystemdPath('system-runtime-logs'), 'journal/*'), flags)
-	return filesSet
+	# if not root, filter readable only:
+	if os.geteuid() != 0:
+		filesSet = [f for f in filesSet if os.access(f, os.R_OK)]
+	return filesSet if filesSet else None
 
 
 ##