In 1.34, fail2ban worked by monitoring /var/log/zm/web_php.log.
In 1.36, this log does not exist.
Is this a change in ZM or a config in PHP?
From scratch install running php7.4, UB20.04 & NGINX on both...
web_php.log & Fail2Ban -Solved- NEW REGEX -
web_php.log & Fail2Ban -Solved- NEW REGEX -
Last edited by Pedulla on Wed Sep 08, 2021 11:39 pm, edited 2 times in total.
Re: web_php.log & Fail2Ban
/var/log/zm/web_php.log does exist.
Ubuntu 20.04, Mariadb, Apache2 & PHP 7.4
Sorry, but my NGINX ZM server was destroyed by the guy that replaced me at the warehouse. If I get a chance in the next few days I'll set up a test machine to check this out.
Ubuntu 20.04, Mariadb, Apache2 & PHP 7.4
Sorry, but my NGINX ZM server was destroyed by the guy that replaced me at the warehouse. If I get a chance in the next few days I'll set up a test machine to check this out.
Re: web_php.log & Fail2Ban
Okay two systems, two results.
I upgraded a 1.34 server to 1.36 and web_php.log is there.
The initial system (which prompted this post) was a from scratch build and it's not there...
I'll repeat the experiment on some VM's... stand by....
I upgraded a 1.34 server to 1.36 and web_php.log is there.
The initial system (which prompted this post) was a from scratch build and it's not there...
I'll repeat the experiment on some VM's... stand by....
Re: web_php.log & Fail2Ban
Just did a 20.04 LEMP from a basic mini.iso "bare" install. Used the WIKI procedure for LEMP 1.34 but used 1.36. /var/log/zm/web_php.log is there.
Suspect that using a VM could be an issue. I almost never use a VM to run Zoneminder unless it is for testing and that is very rare.
Suspect that using a VM could be an issue. I almost never use a VM to run Zoneminder unless it is for testing and that is very rare.
Re: web_php.log & Fail2Ban
!!Solution!!
Need to have LOG_LEVEL_FILE set to at least Error in Options.Logging.
This makes total sense when you think about it...
Need to have LOG_LEVEL_FILE set to at least Error in Options.Logging.
This makes total sense when you think about it...
Re: web_php.log & Fail2Ban -Solved-
!!Update to fail2ban regex!!
The regex for zoneminder needs to read:
This gets both no user AND failed password.
Must have been a change somewhere along the way.
The regex for zoneminder needs to read:
Code: Select all
failregex = ^\s*web_php\[\d+\]\.ERR \[<HOST>\].*includes/auth.php
datepattern = ^%%m/%%d/%%y %%H:%%M:%%S(?:\.%%f)
Must have been a change somewhere along the way.
Re: web_php.log & Fail2Ban -Solved- NEW REGEX -
I have included this in the ZM distro under misc/fail2ban.rules