From ca1e910fa9952cdcec6362373fd495c4e43a33ce Mon Sep 17 00:00:00 2001
From: David Galloway
Date: Thu, 15 Nov 2018 10:30:42 -0500
Subject: [PATCH] public_facing: Support multiline regex fail2ban filters

Signed-off-by: David Galloway
---
 roles/public_facing/README.rst | 7 +++++--
 roles/public_facing/templates/f2b.filter.j2 | 5 +++++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/roles/public_facing/README.rst b/roles/public_facing/README.rst
index 1edf7ed..b5a29ad 100644
--- a/roles/public_facing/README.rst
+++ b/roles/public_facing/README.rst
@@ -60,11 +60,14 @@ If required, define these in your ansible inventory ``host_vars`` file.
 - "80"
 - "443"
-``f2b_filters: {}`` is a dictionary of additional filters fail2ban should use. For example, our status portal running Cachet has an additional fail2ban service monitoring repeated login attempts to the admin portal. See filter example::
+``f2b_filters: {}`` is a dictionary of additional filters fail2ban should use. For example, our status portal running Cachet has an additional fail2ban service monitoring repeated login attempts to the admin portal. ``maxlines`` is an optional variable. See filter example::
 f2b_filters:
 apache-cachet:
- failregex: " .*GET /auth/login.*$"
+ failregex: " .*GET /auth/login.*$"
+ example-filter:
+ failregex: " .*foo$"
+ maxlines: 3
 Common Tasks
 ++++++++++++
diff --git a/roles/public_facing/templates/f2b.filter.j2 b/roles/public_facing/templates/f2b.filter.j2
index 4cc8df0..86db2b7 100644
--- a/roles/public_facing/templates/f2b.filter.j2
+++ b/roles/public_facing/templates/f2b.filter.j2
@@ -3,3 +3,8 @@
 #
 [Definition]
 failregex = {{ item.value.failregex }}
+
+{% if item.value.maxlines is defined %}
+[Init]
+maxlines = {{ item.value.maxlines }}
+{% endif %}
--
2.39.5
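Review bot: The new `maxlines = {{ item.value.maxlines }}` line in f2b.filter.j2 writes the inventory value into the filter file unchecked, and the `is defined` guard is also true for an empty or non-numeric value. fail2ban expects an integer there, so a typo in `host_vars` would likely produce a filter the jail cannot load, leaving the service unmonitored until someone notices. I would tighten the guard to `{% if item.value.maxlines is defined and item.value.maxlines is number %}` or render with `{{ item.value.maxlines | int }}`, and add a template comment such as `# maxlines: number of log lines fail2ban buffers for multi-line failregex matching`. The template starts above this hunk, so how `failregex` itself is validated is not visible here.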