From 9a558589d7e67bfd553641bd9c074f85f97c50f4 Mon Sep 17 00:00:00 2001
From: sebres
Date: Tue, 30 Jul 2024 19:16:40 +0200
Subject: [PATCH] review (anchoring RE, etc)
---
 config/filter.d/proxmox.conf | 4 +++-
 fail2ban/tests/files/logs/proxmox | 11 +++++------
 2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/config/filter.d/proxmox.conf b/config/filter.d/proxmox.conf
index 4d7af59a..8d7975b2 100644
--- a/config/filter.d/proxmox.conf
+++ b/config/filter.d/proxmox.conf
@@ -12,7 +12,9 @@
 [Definition]
-failregex = pvedaemon\[\d*\]: authentication failure; rhost= user=.* msg=.*
+_daemon = pvedaemon
+
+failregex = ^\s*\S+ %(_daemon)s\[\d+\]: authentication failure; rhost= user=\S+
 ignoreregex =
diff --git a/fail2ban/tests/files/logs/proxmox b/fail2ban/tests/files/logs/proxmox
index 0e15fdc5..70580f14 100644
--- a/fail2ban/tests/files/logs/proxmox
+++ b/fail2ban/tests/files/logs/proxmox
@@ -1,6 +1,5 @@
-#1
-# failJSON: { "time": "2005-03-08T09:37:44", "match": true , "host": "212.106.229.105" }
-Mar 8 09:37:44 HOSTNAME pvedaemon[12021]: authentication failure; rhost=212.106.229.105 user=root@pam msg=Authentication failure
-#2
-# failJSON: { "time": "2005-03-09T03:32:27", "match": true , "host": "212.106.229.105" }
-Mar 9 03:32:27 HOSTNAME pvedaemon[8961]: authentication failure; rhost=212.106.229.105 user=jose@pve msg=invalid credentials
+# failJSON: { "time": "2005-03-08T09:37:44", "match": true , "host": "192.0.2.123" }
+Mar 8 09:37:44 HOSTNAME pvedaemon[12021]: authentication failure; rhost=192.0.2.123 user=root@pam msg=Authentication failure
+
+# failJSON: { "time": "2005-03-09T03:32:27", "match": true , "host": "192.0.2.124" }
+Mar 9 03:32:27 HOSTNAME pvedaemon[8961]: authentication failure; rhost=192.0.2.124 user=jose@pve msg=invalid credentials
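Review bot: The new `failregex` has no comment explaining why it is anchored, and that is the security-relevant property of this filter: the `user=` value is chosen by the connecting client, so only the fixed prefix up to `rhost=` should decide which address gets banned. I would add above it something like `# Anchored at line start: user= is client-supplied, so nothing after rhost= may influence the captured host`. The hand-written prefix `^\s*\S+ %(_daemon)s\[\d+\]:` also requires exactly one hostname token and a numeric pid. If this file includes `common.conf` (the hunk starts at line 12, so the `[INCLUDES]` section is not visible), `%(__prefix_line)s` would give the same anchoring while accepting the syslog prefix variants other filters handle. The host tag between `rhost=` and `user=` appears to have been stripped from this rendering of the patch, so I cannot say which one is used.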
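Review bot: The fixture still holds only `"match": true` samples, so nothing pins the anchoring that the filter change introduces. A later edit that loosened the `^\s*\S+ ` prefix would pass the tests unnoticed. I would add one negative sample where the failure text is not at the daemon prefix, for example (constructed) `# failJSON: { "match": false, "desc": "failure text not at the daemon prefix" }` followed by `Mar 9 03:32:28 HOSTNAME otherd[1]: pvedaemon[1]: authentication failure; rhost=192.0.2.125 user=x@pve msg=x`. The switch to 192.0.2.0/24 documentation addresses is a good change and should carry over to any samples added later.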