filter for openhab domotic software authentication failure with the rest api and web interface + test cases;

closes gh-1223

config/filter.d/openhab.conf

@@ -0,0 +1,16 @@
+# Openhab brute force auth filter: /etc/fail2ban/filter.d/openhab.conf:
+#
+# Block IPs trying to auth openhab by web or rest api
+#
+# Matches e.g.
+# 12.34.33.22 -  -  [26/sept./2015:18:04:43 +0200] "GET /openhab.app HTTP/1.1" 401 1382 
+# 175.18.15.10 -  -  [02/sept./2015:00:11:31 +0200] "GET /rest/bindings HTTP/1.1" 401 1384
+
+[Definition] 
+failregex = ^<HOST>\s+-\s+-\s+\[\]\s+"[A-Z]+ .*" 401 \d+\s*$
+
+[Init]
+datepattern = %%d/%%b[^/]*/%%Y:%%H:%%M:%%S %%z
+
+
+

config/jail.conf

@@ -306,6 +306,12 @@ port    = http,https
 logpath = %(apache_error_log)s
 maxretry = 1
 
+[openhab-auth]
+
+filter = openhab
+action = iptables-allports[name=NoAuthFailures]
+logpath = /opt/openhab/logs/request.log
+
 [nginx-http-auth]
 
 port    = http,https

fail2ban/tests/files/logs/openhab

@@ -0,0 +1,11 @@
+# should match
+# failJSON: { "time": "2015-09-02T00:11:31", "match": true , "host": "175.18.15.10" } 
+175.18.15.10 -  -  [02/sept./2015:00:11:31 +0200] "GET /openhab.app HTTP/1.1" 401 1382 
+# failJSON: { "time": "2015-09-02T00:11:31", "match": true , "host": "175.18.15.10" } 
+175.18.15.10 -  -  [02/sept./2015:00:11:31 +0200] "GET /rest/bindings HTTP/1.1" 401 1384
+
+# Should not match
+# failJSON: { "match": false }
+175.18.15.11 -  -  [17/oct./2015:00:35:12 +0200] "GET /openhab.app?sitemap=default&poll=true&__async=true&__source=waHome HTTP/1.1" 200 92 
+# failJSON: { "match": false }
+175.18.15.11 -  -  [16/oct./2015:20:29:38 +0200] "GET /rest/sitemaps/default/maison HTTP/1.1" 200 2837