`filter.d/recidive.conf` - restore possibility to set jail name in the filter, _jailname is positive now (but by default it uses now negative lookahead to exclude recidive jail);

closes gh-3769
2024-06-21 13:24:46 +02:00 · 2024-06-21 13:24:46 +02:00 · a7f3a04b0e
parent ab9d41e530
commit a7f3a04b0e
2 changed files with 6 additions and 4 deletions
--- a/1
+++ b/1
@ -20,6 +20,7 @@ ver. 1.1.1-dev-1 (20??/??/??) - development nightly edition
  - sshd backend switched to `systemd` (gh-3292)
 * `action.d/firewallcmd-ipset.conf`:
  - rename `ipsettype` to `ipsetbackend` (gh-2620), parameter `ipsettype` will be used now to the real set type (gh-3760)
+* `filter.d/recidive.conf` - restore possibility to set jail name in the filter, _jailname is positive now (gh-3769)

 ### New Features and Enhancements
 * `action.d/*-ipset.conf`:
--- a/config/filter.d/recidive.conf
+++ b/config/filter.d/recidive.conf
@ -24,14 +24,15 @@ before = common.conf
 _daemon = (?:fail2ban(?:-server|\.actions)\s*)

 # The name of the jail that this filter is used for. In jail.conf, name the jail using
-# this filter 'recidive', or supply another name with `filter = recidive[_jailname="jail"]`
-_jailname = recidive
+# this filter 'recidive', or supply another name with `filter = recidive[_jailname="jail"]`,
+# default all jails excepting recidive
+_jailname = (?!recidive\])[^\]]*

-failregex = ^%(__prefix_line)s(?:\s*fail2ban\.actions\s*%(__pid_re)s?:\s+)?NOTICE\s+\[(?!%(_jailname)s\])(?:.*)\]\s+Ban\s+<HOST>\s*$
+failregex = ^%(__prefix_line)s(?:\s*fail2ban\.actions\s*%(__pid_re)s?:\s+)?NOTICE\s+\[<_jailname>\]\s+Ban\s+<HOST>

 [lt_short]
 _daemon = (?:fail2ban(?:-server|\.actions)?\s*)
-failregex = ^%(__prefix_line)s(?:\s*fail2ban(?:\.actions)?\s*%(__pid_re)s?:\s+)?(?:NOTICE\s+)?\[(?!%(_jailname)s\])(?:.*)\]\s+Ban\s+<HOST>\s*$
+failregex = ^%(__prefix_line)s(?:\s*fail2ban(?:\.actions)?\s*%(__pid_re)s?:\s+)?(?:NOTICE\s+)?\[<_jailname>\]\s+Ban\s+<HOST>

 [lt_journal]
 _daemon = <lt_short/_daemon>