odoo 13에 Fail2ban을 설치했습니다.
다음은 내 구성 및 샘플 출력이지만 필터링되지 않는 이유를 알 수 없는 것 같습니다.
user@tempdev:/etc/fail2ban# 실패2ban-regex -v /var/log/odoo/odoo.log /etc/fail2ban/filter.d/odoo-login.conf
Running tests
=============
Use failregex filter file : odoo-login, basedir: /etc/fail2ban
Use log file : /var/log/odoo/odoo.log
Use encoding : UTF-8
Results
=======
Failregex: 0 total
|- #) [# of hits] regular expression
| 1) [0] ^\d+ INFO \S+ \S+ Login failed for db:\S+ login:\S+ from <HOST>
`-
user@tempdev:/etc/fail2ban# cat /var/log/odoo/odoo.log | grep '로그인 실패'
2020-12-11 12:54:06,442 1620 INFO TestSRV odoo.addons.base.models.res_users: Login failed for db:TestSRV login:asfd from 1.2.23.3
2020-12-11 13:11:20,945 1620 INFO TestSRV odoo.addons.base.models.res_users: Login failed for db:TestSRV login:asfd from 1.2.23.3
2020-12-11 13:12:07,928 1620 INFO TestSRV odoo.addons.base.models.res_users: Login failed for db:TestSRV login:asdf from 1.2.23.3
답변1
\s*Fail2ban은 문자열과 일치하는 날짜 패턴의 일부를 확실하게 잘라내지만 공백은 여전히 남아 있으므로 이전 앵커 뒤에 추가해야 합니다 \d+.
-failregex = ^\d+ INFO \S+ \S+ Login failed for db:\S+ login:\S+ from <HOST>
+failregex = ^\s*\d+ INFO \S+ \S+ Login failed for db:\S+ login:\S+ from <HOST>