ZoneMinder
/
zoneminder
mirror of https://github.com/ZoneMinder/zoneminder.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Update fail2ban.rules 

Update to add working rule for changes from version 1.35+
pull/3723/head
clipo1979 2023-06-07 21:39:20 +01:00 committed by GitHub
parent 81b9ac5efd
commit 6aa817116c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 63 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
misc/fail2ban.rules
View File

@ -1,2 +1,63 @@
failregex = ^\s*web_php\[\d+\]\.ERR \[<HOST>\].*includes/auth.php
datepattern = ^%%m/%%d/%%y %%H:%%M:%%S(?:\.%%f)
####### Update / Add the below to the /fail2ban/jail.local ########
#[zoneminder]
## Commented out as outdated version
## Zoneminder <1.35 HTTP/HTTPS web interface auth
## Logs auth failures to apache2 error log
#enabled = false
#port = http,https
#logpath = %(apache_error_log)s
[zoneminder]
# Zoneminder >1.35 HTTP/HTTPS web interface auth
# Logs auth failures to Zoneminder web_php.log and apache error log
# See notes in filter.d/zoneminder.conf
enabled = false
port = http,https
logpath = /var/log/zm/web_php.log
######## Update / Add the below to the /fail2ban/filter.d/zoneminder.conf #########
# Fail2Ban filter for Zoneminder login failures
#Use the following command for testing - Ubuntu
#sudo fail2ban-regex -v /var/log/zm/web_php.log /etc/fail2ban/filter.d/zoneminder.conf
# Example pattern ZM < 1.34
#pattern=[Wed Apr 27 23:12:07.736196 2016] [:error] [pid 2460] [client 10.1.1.1:47296] WAR [Login denied for user "test"], referer: https://zoneminderurl/index.php
# Example pattern ZM > 1.34 = Default pattern with no additional settings with in ZM Options Tab
#pattern=7/17/22, 3:01:06 PM GMT+1.104844 web_php[281296].ERR [192.168.0.3] [Could not retrieve user test details] at /usr/share/zoneminder/www/includes/auth.php line 312
# Example pattern ZM > 1.34 with ZM Options Tab setting DATETIME_FORMAT_PATTERN = yyyy/MM/dd HH:mm:ss
#pattern=2022/08/18 18:26:02.873802 web_php[918957].ERR [192.168.0.181] [Could not retrieve user test details] at /usr/share/zoneminder/www/includes/auth.php line 312
[INCLUDES]
before = apache-common.conf
[Definition]
# Option: failregex
#Uncomment the below regex for use with ZM < 1.34
#failregex = ^%(_apache_error_client)s WAR \[Login denied for user "[^"]*"\]
#Uncomment the below regex for use with ZM > 1.34
failregex = ^\s*web_php\[\d+\]\.ERR \[<HOST>\] \[(?:Could not retrieve user|Login denied for user) \S+
#Dateformate patterns :
#NOTE: ZM Version > 1.34 to use the Fail2Ban standard inbuilt datepattern regex set the DATETIME_FORMAT_PATTERN to yyyy/MM/dd HH:mm:ss within Zoneminder Options Tab
#Experimental alternative dateformate patterns are
#datepattern = ^%%m/%%d/%%y %%H:%%M:%%S(?:\.%%f)
ignoreregex =
# Notes:
# Set the DATETIME_FORMAT_PATTERN to yyyy/MM/dd HH:mm:ss within Zoneminder Options Tab
#
# Author: Clipo
#