diff --git a/ChangeLog b/ChangeLog index c741283b7..5b58c9e3a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -29,7 +29,7 @@ ver. 1.1.1-dev-1 (20??/??/??) - development nightly edition ### New Features and Enhancements * `action.d/*-ipset.conf`: - parameter `ipsettype` to set type of ipset, e. g. hash:ip, hash:net, etc (gh-3760) - +* `filter.d/proxmox.conf` - add support to Proxmox Web GUI (gh-2966) ver. 1.1.0 (2024/04/25) - object-found--norad-59479-cospar-2024-069a--altitude-36267km ----------- diff --git a/config/filter.d/proxmox.conf b/config/filter.d/proxmox.conf new file mode 100644 index 000000000..8d7975b28 --- /dev/null +++ b/config/filter.d/proxmox.conf @@ -0,0 +1,20 @@ +# Fail2Ban filter for Proxmox Web GUI +# +# Jail example: +# [proxmox] +# enabled = true +# port = https,http,8006 +# filter = proxmox +# logpath = /var/log/daemon.log +# maxretry = 3 +# # 1 hour +# bantime = 3600 + +[Definition] + +_daemon = pvedaemon + +failregex = ^\s*\S+ %(_daemon)s\[\d+\]: authentication failure; rhost= user=\S+ + +ignoreregex = + diff --git a/config/jail.conf b/config/jail.conf index a1ced24d5..edf3e6761 100644 --- a/config/jail.conf +++ b/config/jail.conf @@ -990,3 +990,6 @@ logpath = /var/log/monitorix-httpd port = 1080 logpath = %(syslog_daemon)s +[proxmox] +port = https,http,8006 +logpath = /var/log/daemon.log diff --git a/fail2ban/tests/files/logs/proxmox b/fail2ban/tests/files/logs/proxmox new file mode 100644 index 000000000..70580f142 --- /dev/null +++ b/fail2ban/tests/files/logs/proxmox @@ -0,0 +1,5 @@ +# failJSON: { "time": "2005-03-08T09:37:44", "match": true , "host": "192.0.2.123" } +Mar 8 09:37:44 HOSTNAME pvedaemon[12021]: authentication failure; rhost=192.0.2.123 user=root@pam msg=Authentication failure + +# failJSON: { "time": "2005-03-09T03:32:27", "match": true , "host": "192.0.2.124" } +Mar 9 03:32:27 HOSTNAME pvedaemon[8961]: authentication failure; rhost=192.0.2.124 user=jose@pve msg=invalid credentials