Merge pull request #12 from alexxroche/master

Example fail2ban config for ruroco
beac0n · Aug 29, 2024 · 7306f02 · 7306f02
2 parents 97eba55 + c9e2eca
commit 7306f02
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 1 deletion.
diff --git a/Makefile b/Makefile
@@ -99,4 +99,4 @@ clean_test_end_to_end:
 
 	sudo rm -rf /tmp/ruroco_test
 	sudo rm -rf /etc/ruroco
-	sudo rm -f /run/systemd/system/ruroco-commander.service /run/systemd/system/ruroco.service /run/systemd/system/ruroco.socket
+	sudo rm -f /run/systemd/system/ruroco-commander.service /run/systemd/system/ruroco.service /run/systemd/system/ruroco.socket
diff --git a/fail2ban/filter.d/ruroco.conf b/fail2ban/filter.d/ruroco.conf
@@ -0,0 +1,19 @@
+[Definition]
+# example log error
+#Aug 25 23:44:05 ns0 ruroco-server[667459]: [2024-08-25T23:44:06Z ERROR ] Invalid read count 256, expected 1024 from 10.0.0.2:50893
+# from `journalctl -fu ruroco`
+
+# the colour formatting in ruroco/src/common.rs:{info() error()} becomes invisible chars in journalctl chars around the 'ERROR'
+failregex = ^.*?ruroco-server\[\d+\]: \[\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z[^E]*ERROR[^\]]*\] Invalid read count \d+, expected \d+ from <HOST>:\d+$
+# TODO Yet to be tested on IPv6
+# TODO see if a DoS with other UDP packerts show up in the logs for ruroco or ruroco-commander
+
+ignoreregex = ^.* INFO \] Successfully .*$
+
+datepattern = ^%%Y-%%m-%%dT%%H:%%M:%%SZ
+# DEV NOTES:
+#
+# Author: alexx
+# ver. 2024-Aug-26.001
+# testing: fail2ban-regex systemd-journal /etc/fail2ban/filter.d/ruroco.conf
+
diff --git a/fail2ban/ruroco.conf b/fail2ban/ruroco.conf
@@ -0,0 +1,7 @@
+[ruroco]
+enable  = true
+port    = 8080
+#backend = systed # enable if using journalctl
+#logfile = /var/log/syslog # if that is were logs are being sent
+filter  = ruroco
+maxretry = 5