From c0cee6bce659960d1c92b305296439ed6f0c6d44 Mon Sep 17 00:00:00 2001
From: Haraade <feriemobiltelefon@gmail.com>
Date: Wed, 12 Feb 2020 02:18:15 +0100
Subject: fail2ban: fix regex for NC18

---
 bin/ncp/SECURITY/fail2ban.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'bin')

diff --git a/bin/ncp/SECURITY/fail2ban.sh b/bin/ncp/SECURITY/fail2ban.sh
index 5c8c6007..5aa65906 100644
--- a/bin/ncp/SECURITY/fail2ban.sh
+++ b/bin/ncp/SECURITY/fail2ban.sh
@@ -98,7 +98,9 @@ configure()
 before = common.conf
 
 [Definition]
-failregex = Login failed.*Remote IP.*<HOST>
+_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
+failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
+datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
 ignoreregex =
 EOF
 
-- 
cgit v1.2.3