github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Updated zoneminder filter 

Support new log format, ERR instead of WAR. Add detection of non-existent user login attempts
pull/2984/head
j-marz 2021-03-28 21:19:10 +11:00
parent 80a33b1dee
commit 2686811593
2 changed files with 17 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
config/filter.d/zoneminder.conf
View File

@ -5,17 +5,23 @@ before = apache-common.conf
[Definition]
# pattern: [Wed Apr 27 23:12:07.736196 2016] [:error] [pid 2460] [client 10.1.1.1:47296] WAR [Login denied for user "test"], referer: https://zoneminderurl/index.php
#
#
# patterns:
# [Mon Mar 28 16:50:49.522240 2016] [:error] [pid 1795] [client 10.1.1.1:50700] WAR [Login denied for user "username1"], referer: https://zoneminder/
# [Sun Mar 28 16:53:00.472693 2021] [php7:notice] [pid 11328] [client 10.1.1.1:39568] ERR [Could not retrieve user test details], referer: https://zm/
# [Sun Mar 28 16:59:14.150625 2021] [php7:notice] [pid 11336] [client 10.1.1.1:39654] ERR [Login denied for user "john"], referer: https://zm/
# Option: failregex
# Notes.: regex to match the password failure messages in the logfile.
# Notes.: regex to match the login failure and non-existent user error messages in the logfile.
failregex = ^%(_apache_error_client)s WAR \[Login denied for user "[^"]*"\]
^%(_apache_error_client)s ERR \[Login denied for user "[^"]*"\]
^%(_apache_error_client)s ERR \[Could not retrieve user \w* details\]
ignoreregex =
# Notes:
# Tested on Zoneminder 1.29.0
# Tested on Zoneminder 1.29 and 1.35.21
#
# Zoneminer versions > 1.3x use "ERR" and < 1.3x use "WAR" level logs, so i've kept both for compatibility reasons
#
# Author: John Marzella

6
fail2ban/tests/files/logs/zoneminder
View File

@ -1,2 +1,8 @@
# failJSON: { "time": "2016-03-28T16:50:49", "match": true , "host": "10.1.1.1" }
[Mon Mar 28 16:50:49.522240 2016] [:error] [pid 1795] [client 10.1.1.1:50700] WAR [Login denied for user "username1"], referer: https://zoneminder/
# failJSON: { "time": "2021-03-28T16:53:00", "match": true , "host": "10.1.1.1" }
[Sun Mar 28 16:53:00.472693 2021] [php7:notice] [pid 11328] [client 10.1.1.1:39568] ERR [Could not retrieve user username1 details], referer: https://zm/zm/?view=logout
# failJSON: { "time": "2021-03-28T16:59:14", "match": true , "host": "10.1.1.1" }
[Sun Mar 28 16:59:14.150625 2021] [php7:notice] [pid 11336] [client 10.1.1.1:39654] ERR [Login denied for user "username1"], referer: https://zm/zm/?