Merge pull request #2966 from Derecho-com/master

Add support to Proxmox Web GUI

ChangeLog

@@ -29,7 +29,7 @@ ver. 1.1.1-dev-1 (20??/??/??) - development nightly edition
 ### New Features and Enhancements
 * `action.d/*-ipset.conf`:
   - parameter `ipsettype` to set type of ipset, e. g. hash:ip, hash:net, etc (gh-3760)
-
+* `filter.d/proxmox.conf` - add support to Proxmox Web GUI (gh-2966)
 
 ver. 1.1.0 (2024/04/25) - object-found--norad-59479-cospar-2024-069a--altitude-36267km
 -----------

config/filter.d/proxmox.conf

@@ -0,0 +1,20 @@
+# Fail2Ban filter for Proxmox Web GUI
+#
+# Jail example:
+#    [proxmox]
+#    enabled = true
+#    port = https,http,8006
+#    filter = proxmox
+#    logpath = /var/log/daemon.log
+#    maxretry = 3
+#    # 1 hour
+#    bantime = 3600
+
+[Definition]
+
+_daemon = pvedaemon
+
+failregex = ^\s*\S+ %(_daemon)s\[\d+\]: authentication failure; rhost=<ADDR> user=<F-USER>\S+</F-USER>
+
+ignoreregex =
+

config/jail.conf

@@ -990,3 +990,6 @@ logpath = /var/log/monitorix-httpd
 port    = 1080
 logpath = %(syslog_daemon)s
 
+[proxmox]
+port = https,http,8006
+logpath = /var/log/daemon.log

fail2ban/tests/files/logs/proxmox

@@ -0,0 +1,5 @@
+# failJSON: { "time": "2005-03-08T09:37:44", "match": true , "host": "192.0.2.123" }
+Mar  8 09:37:44 HOSTNAME pvedaemon[12021]: authentication failure; rhost=192.0.2.123 user=root@pam msg=Authentication failure
+
+# failJSON: { "time": "2005-03-09T03:32:27", "match": true , "host": "192.0.2.124" }
+Mar  9 03:32:27 HOSTNAME pvedaemon[8961]: authentication failure; rhost=192.0.2.124 user=jose@pve msg=invalid credentials