Ubuntu

Fail2ban 不在 odoo 日誌上執行正則表達式

  • December 19, 2020

我已經用 odoo 13 安裝了 fail2ban。

下面是我的配置和範例輸出,但我似乎無法弄清楚為什麼它不過濾。

user@tempdev:/etc/fail2ban# fail2ban-regex -v /var/log/odoo/odoo.log /etc/fail2ban/filter.d/odoo-login.conf

Running tests
=============

Use   failregex filter file : odoo-login, basedir: /etc/fail2ban
Use         log file : /var/log/odoo/odoo.log
Use         encoding : UTF-8


Results
=======

Failregex: 0 total
|-  #) [# of hits] regular expression
|   1) [0] ^\d+ INFO \S+ \S+ Login failed for db:\S+ login:\S+ from <HOST>
`-

user@tempdev:/etc/fail2ban# cat /var/log/odoo/odoo.log | grep ‘登錄失敗’

2020-12-11 12:54:06,442 1620 INFO TestSRV odoo.addons.base.models.res_users: Login failed for db:TestSRV login:asfd from 1.2.23.3 
2020-12-11 13:11:20,945 1620 INFO TestSRV odoo.addons.base.models.res_users: Login failed for db:TestSRV login:asfd from 1.2.23.3 
2020-12-11 13:12:07,928 1620 INFO TestSRV odoo.addons.base.models.res_users: Login failed for db:TestSRV login:asdf from 1.2.23.3 

Fail2ban 肯定會刪除字元串匹配的日期模式的部分,但仍然有一個空格,所以你必須\s*在錨之前添加\d+

-failregex = ^\d+ INFO \S+ \S+ Login failed for db:\S+ login:\S+ from <HOST>
+failregex = ^\s*\d+ INFO \S+ \S+ Login failed for db:\S+ login:\S+ from <HOST>

引用自:https://serverfault.com/questions/1045839