Zoneminder jail.conf and zoneminder.conf update #3521

Open
wants to merge 5 commits into
base: master
Update zoneminder.conf
Updated due to upstream package changes
clipo1979 committed Jun 7, 2023
commit 744680666b2eadfe02c0455edcf9109b2e0e63ac
37 changes: 26 additions & 11 deletions config/filter.d/zoneminder.conf
@@ -1,27 +1,42 @@
# Fail2Ban filter for Zoneminder login failures

#Use the following command for testing - Ubuntu
#sudo fail2ban-regex -v /var/log/zm/web_php.log /etc/fail2ban/filter.d/zoneminder.conf

# Example pattern ZM < 1.34
#pattern=[Wed Apr 27 23:12:07.736196 2016] [:error] [pid 2460] [client 10.1.1.1:47296] WAR [Login denied for user "test"], referer: https://zoneminderurl/index.php

# Example pattern ZM > 1.34 = Default pattern with no additional settings with in ZM Options Tab
#pattern=7/17/22, 3:01:06 PM GMT+1.104844 web_php[281296].ERR [192.168.0.3] [Could not retrieve user test details] at /usr/share/zoneminder/www/includes/auth.php line 312

# Example pattern ZM > 1.34 with ZM Options Tab setting DATETIME_FORMAT_PATTERN = yyyy/MM/dd HH:mm:ss
#pattern=2022/08/18 18:26:02.873802 web_php[918957].ERR [192.168.0.181] [Could not retrieve user test details] at /usr/share/zoneminder/www/includes/auth.php line 312


[INCLUDES]
before = apache-common.conf

[Definition]

# patterns: [Mon Mar 28 16:50:49.522240 2016] [:error] [pid 1795] [client 10.1.1.1:50700] WAR [Login denied for user "username1"], referer: https://zoneminder/
# [Sun Mar 28 16:53:00.472693 2021] [php7:notice] [pid 11328] [client 10.1.1.1:39568] ERR [Could not retrieve user test details], referer: https://zm/
# [Sun Mar 28 16:59:14.150625 2021] [php7:notice] [pid 11336] [client 10.1.1.1:39654] ERR [Login denied for user "john"], referer: https://zm/
#
# Option: failregex
# Notes.: regex to match the login failure and non-existent user error messages in the logfile.

prefregex = ^%(_apache_error_client)s (?:ERR|WAR) <F-CONTENT>\[(?:Login denied|Could not retrieve).*</F-CONTENT>$
#Uncomment the below regex for use with ZM < 1.34
#failregex = ^%(_apache_error_client)s WAR \[Login denied for user "[^"]*"\]

#Uncomment the below regex for use with ZM > 1.34
failregex = ^\s*web_php\[\d+\]\.ERR \[<HOST>\] \[(?:Could not retrieve user|Login denied for user) \S+
clipo1979 marked this conversation as resolved.

#Dateformate patterns :

#NOTE: ZM Version > 1.34 to use the Fail2Ban standard inbuilt datepattern regex set the DATETIME_FORMAT_PATTERN to yyyy/MM/dd HH:mm:ss within Zoneminder Options Tab

failregex = ^\[Login denied for user "<F-USER>[^"]*</F-USER>"\]
^\[Could not retrieve user <F-USER>\S*</F-USER>
#Experimental alternative dateformate patterns are
#datepattern = ^%%m/%%d/%%y %%H:%%M:%%S(?:\.%%f)

ignoreregex =

# Notes:
# Tested on Zoneminder 1.29 and 1.35.21
# Set the DATETIME_FORMAT_PATTERN to yyyy/MM/dd HH:mm:ss within Zoneminder Options Tab
#
# Zoneminder versions > 1.3x use "ERR" and < 1.3x use "WAR" level logs, so i've kept both for compatibility reasons
# Author: Clipo
#
# Author: John Marzella
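
Review bot: The experimental datepattern near the end of the hunk, `^%%m/%%d/%%y %%H:%%M:%%S(?:\.%%f)`, does not fit the default-format sample quoted in the header comment, `7/17/22, 3:01:06 PM GMT+1.104844`. That sample has a comma after the date, a 12-hour time with a PM marker, and `GMT+1` between the seconds and the fractional part, and the pattern allows for none of these. Either adjust the pattern so it matches the sample, or state in the comment which DATETIME_FORMAT_PATTERN setting it is meant for, so that someone who uncomments it does not end up with a filter that silently matches nothing. Two smaller points on the ZM > 1.34 failregex: it accepts only `.ERR`, while the notes at the bottom say both "ERR" and "WAR" are kept for compatibility, and it has no `<F-USER>` capture although the other failregex shown in this hunk records the user name that way. It would also help to say in the comments which expression applies to version 1.34 itself, since the headings only cover "< 1.34" and "> 1.34".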