From ca45671db2ee4e397c672845cf8a68c25fbcf8c4 Mon Sep 17 00:00:00 2001
From: Jose
Date: Tue, 9 Mar 2021 12:14:45 +0100
Subject: [PATCH 1/7] Add support to Proxmox Web GUI
---
 config/filter.d/proxmox.conf | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 config/filter.d/proxmox.conf
diff --git a/config/filter.d/proxmox.conf b/config/filter.d/proxmox.conf
new file mode 100644
index 00000000..9c6419c9
--- /dev/null
+++ b/config/filter.d/proxmox.conf
@@ -0,0 +1,18 @@
+# Fail2Ban filter for Proxmox Web GUI
+#
+# Jail example:
+# [proxmox]
+# enabled = true
+# port = https,http,8006
+# filter = proxmox
+# logpath = /var/log/daemon.log
+# maxretry = 3
+# # 1 hour
+# bantime = 3600
+
+[Definition]
+
+failregex = pvedaemon\[.*authentication failure; rhost= user=.* msg=.*
+
+ignoreregex =
+
From 4fb04842a26a0dffcc9a4c024ee8263aa82e98f1 Mon Sep 17 00:00:00 2001
From: Jose
Date: Wed, 10 Mar 2021 15:22:52 +0100
Subject: [PATCH 2/7] add log file for tests
---
 fail2ban/tests/files/logs/proxmox | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 fail2ban/tests/files/logs/proxmox
diff --git a/fail2ban/tests/files/logs/proxmox b/fail2ban/tests/files/logs/proxmox
new file mode 100644
index 00000000..0e15fdc5
--- /dev/null
+++ b/fail2ban/tests/files/logs/proxmox
@@ -0,0 +1,6 @@
+#1
+# failJSON: { "time": "2005-03-08T09:37:44", "match": true , "host": "212.106.229.105" }
+Mar 8 09:37:44 HOSTNAME pvedaemon[12021]: authentication failure; rhost=212.106.229.105 user=root@pam msg=Authentication failure
+#2
+# failJSON: { "time": "2005-03-09T03:32:27", "match": true , "host": "212.106.229.105" }
+Mar 9 03:32:27 HOSTNAME pvedaemon[8961]: authentication failure; rhost=212.106.229.105 user=jose@pve msg=invalid credentials
From 07a7da8d8eaf13d61777dabb0b840ba384b8f372 Mon Sep 17 00:00:00 2001
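Review bot: The jail example in the header comment hard-codes `logpath = /var/log/daemon.log`, and the `[proxmox]` jail added to `config/jail.conf` in PATCH 5/7 repeats it, while the neighbouring jail in that hunk's context uses `logpath = %(syslog_daemon)s`. A fixed path ties the jail to distributions that write daemon messages to that file. Where the file is absent, for example on a journal-only host, the jail presumably cannot start once enabled and failed GUI logins go unwatched. I would write `logpath = %(syslog_daemon)s` in both places so the path follows the distribution's paths file.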
From: Jose
Date: Wed, 10 Mar 2021 15:35:25 +0100
Subject: [PATCH 3/7] Remove greedy catch-all before HOST
---
 config/filter.d/proxmox.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/filter.d/proxmox.conf b/config/filter.d/proxmox.conf
index 9c6419c9..9aa4091a 100644
--- a/config/filter.d/proxmox.conf
+++ b/config/filter.d/proxmox.conf
@@ -12,7 +12,7 @@
 
 [Definition]
 
-failregex = pvedaemon\[.*authentication failure; rhost= user=.* msg=.*
+failregex = pvedaemon\[.d*\]: authentication failure; rhost= user=.* msg=.*
 
 ignoreregex =
 
From 83f2d59eeeb9095b19545d2bfcf534eaaa7394d7 Mon Sep 17 00:00:00 2001
From: Jose
Date: Wed, 10 Mar 2021 15:39:03 +0100
Subject: [PATCH 4/7] match numbers
---
 config/filter.d/proxmox.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/filter.d/proxmox.conf b/config/filter.d/proxmox.conf
index 9aa4091a..4d7af59a 100644
--- a/config/filter.d/proxmox.conf
+++ b/config/filter.d/proxmox.conf
@@ -12,7 +12,7 @@
 
 [Definition]
 
-failregex = pvedaemon\[.d*\]: authentication failure; rhost= user=.* msg=.*
+failregex = pvedaemon\[\d*\]: authentication failure; rhost= user=.* msg=.*
 
 ignoreregex =
 
From db8c943a7b784ab88742d2cec1b64ce5ddd523cc Mon Sep 17 00:00:00 2001
From: Jose
Date: Wed, 10 Mar 2021 15:45:31 +0100
Subject: [PATCH 5/7] Add jail to jail.conf as requested by test-suite 'More filters exists than are referenced in stock jail.conf set(['proxmox'])
---
 config/jail.conf | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/config/jail.conf b/config/jail.conf
index a1ced24d..edf3e676 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -990,3 +990,6 @@ logpath = /var/log/monitorix-httpd
 port = 1080
 logpath = %(syslog_daemon)s
 
+[proxmox]
+port = https,http,8006
+logpath = /var/log/daemon.log
From 9a558589d7e67bfd553641bd9c074f85f97c50f4 Mon Sep 17 00:00:00 2001
From: sebres
Date: Tue, 30 Jul 2024 19:16:40 +0200
Subject: [PATCH 6/7] review (anchoring RE, etc)
---
 config/filter.d/proxmox.conf | 4 +++-
 fail2ban/tests/files/logs/proxmox | 11 +++++------
 2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/config/filter.d/proxmox.conf b/config/filter.d/proxmox.conf
index 4d7af59a..8d7975b2 100644
--- a/config/filter.d/proxmox.conf
+++ b/config/filter.d/proxmox.conf
@@ -12,7 +12,9 @@
 
 [Definition]
 
-failregex = pvedaemon\[\d*\]: authentication failure; rhost= user=.* msg=.*
+_daemon = pvedaemon
+
+failregex = ^\s*\S+ %(_daemon)s\[\d+\]: authentication failure; rhost= user=\S+
 
 ignoreregex =
 
diff --git a/fail2ban/tests/files/logs/proxmox b/fail2ban/tests/files/logs/proxmox
index 0e15fdc5..70580f14 100644
--- a/fail2ban/tests/files/logs/proxmox
+++ b/fail2ban/tests/files/logs/proxmox
@@ -1,6 +1,5 @@
-#1
-# failJSON: { "time": "2005-03-08T09:37:44", "match": true , "host": "212.106.229.105" }
-Mar 8 09:37:44 HOSTNAME pvedaemon[12021]: authentication failure; rhost=212.106.229.105 user=root@pam msg=Authentication failure
-#2
-# failJSON: { "time": "2005-03-09T03:32:27", "match": true , "host": "212.106.229.105" }
-Mar 9 03:32:27 HOSTNAME pvedaemon[8961]: authentication failure; rhost=212.106.229.105 user=jose@pve msg=invalid credentials
+# failJSON: { "time": "2005-03-08T09:37:44", "match": true , "host": "192.0.2.123" }
+Mar 8 09:37:44 HOSTNAME pvedaemon[12021]: authentication failure; rhost=192.0.2.123 user=root@pam msg=Authentication failure
+
+# failJSON: { "time": "2005-03-09T03:32:27", "match": true , "host": "192.0.2.124" }
+Mar 9 03:32:27 HOSTNAME pvedaemon[8961]: authentication failure; rhost=192.0.2.124 user=jose@pve msg=invalid credentials
From 4a87802c59752353906d7c0fb78ed16b753cd4ef Mon Sep 17 00:00:00 2001
From: sebres
Date: Tue, 30 Jul 2024 19:19:24 +0200
Subject: [PATCH 7/7] ChangeLog
---
 ChangeLog | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
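Review bot: `[Definition]` still has no `journalmatch` after this hunk, so the filter is only scoped when the jail reads a syslog file. With the systemd backend it would be evaluated against every journal entry, and the daemon name inside the regex is then the only thing tying a line to pvedaemon. Adding `journalmatch = _SYSTEMD_UNIT=pvedaemon.service` (assuming that is the unit name on the target hosts) restricts matching to entries the journal itself attributes to that unit, so lines logged by another local process under the same tag do not count towards a ban. As a style point, `^\s*\S+ %(_daemon)s\[\d+\]:` spells the syslog prefix out by hand; if the shared prefix from the stock `common.conf` fits this log format, including it would keep this filter in step with the others.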
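Review bot: Both samples in this file are `"match": true`, so nothing here pins the start-of-line anchoring and the `\d+` PID match that the filter hunk of this patch introduces. I would add at least one negative sample under `# failJSON: { "match": false }`, for instance an entry from a different daemon whose message body merely quotes a pvedaemon failure line; the unanchored expression from PATCH 1/7 would have accepted that. With such a sample in place, a later loosening of the regex cannot pass the test suite unnoticed.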
diff --git a/ChangeLog b/ChangeLog
index c741283b..5b58c9e3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -29,7 +29,7 @@ ver. 1.1.1-dev-1 (20??/??/??) - development nightly edition
 ### New Features and Enhancements
 * `action.d/*-ipset.conf`:
 - parameter `ipsettype` to set type of ipset, e. g. hash:ip, hash:net, etc (gh-3760)
-
+* `filter.d/proxmox.conf` - add support to Proxmox Web GUI (gh-2966)
 
 ver. 1.1.0 (2024/04/25) - object-found--norad-59479-cospar-2024-069a--altitude-36267km
 -----------