
RFE: LOGGING for fail2ban #150

@fadamo


I'm on RHEL 9.x; after every VAPT on our server I get this situation:

# systemctl --failed
  UNIT                                                    LOAD   ACTIVE SUB    DESCRIPTION
● tangd@5555-4.5.6.7:1234-1.2.3.4:42434.service loaded failed failed Tang Server (1.2.3.4:42434)
● tangd@5560-4.5.6.7:1234-1.2.3.4:42452.service loaded failed failed Tang Server (1.2.3.4:42452)
● tangd@5561-4.5.6.7:1234-1.2.3.4:42454.service loaded failed failed Tang Server (1.2.3.4:42454)
● tangd@5562-4.5.6.7:1234-1.2.3.4:42456.service loaded failed failed Tang Server (1.2.3.4:42456)
● tangd@5563-4.5.6.7:1234-1.2.3.4:42458.service loaded failed failed Tang Server (1.2.3.4:42458)
● tangd@5564-4.5.6.7:1234-1.2.3.4:42460.service loaded failed failed Tang Server (1.2.3.4:42460)
.....
.....

I'm trying to configure fail2ban, but I found it would be useful if you added the offending IP to the message:

HTTP Parsing Error: invalid HTTP method

and similar.
Right now I'm using this filter:

failregex = .*tangd@.*-.*:1234-<HOST>:.*.service: Main process exited, code=exited, status=1/FAILURE
            tangd\[.*\]: <HOST> GET .* => 404 \(../src/http.c:.*\)

but it's not enough.

Thanks
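
The filter from the post, checked against journal lines, as an added example that is not part of the original issue or of the tang project. It assumes a simplified IPv4-only stand-in for fail2ban's `<HOST>` tag, and the log lines are constructed from the formats the post quotes; the request path, PIDs and source line number in them are made up.

```python
import re

# Assumption: simplified IPv4-only replacement for fail2ban's <HOST> tag.
# The real tag also covers IPv6 addresses and hostnames.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The two failregex lines exactly as posted in the issue.
FAILREGEX = [
    r".*tangd@.*-.*:1234-<HOST>:.*.service: Main process exited, code=exited, status=1/FAILURE",
    r"tangd\[.*\]: <HOST> GET .* => 404 \(../src/http.c:.*\)",
]
COMPILED = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]

# Constructed journal lines (not captured from a real system).
SAMPLE = [
    # systemd reports the failed per-connection unit; the peer IP is in the unit name.
    "systemd[1]: tangd@5555-4.5.6.7:1234-1.2.3.4:42434.service: "
    "Main process exited, code=exited, status=1/FAILURE",
    # tangd's own 404 line carries the client IP.
    "tangd[2211]: 1.2.3.4 GET /nonexistent => 404 (../src/http.c:100)",
    # The message quoted in the issue: no address anywhere on the line.
    "tangd[2212]: HTTP Parsing Error: invalid HTTP method",
]


def offending_host(line):
    """Return the IP the filter would extract from this line, or None."""
    for rx in COMPILED:
        m = rx.search(line)
        if m:
            return m.group("host")
    return None


def unmatched(lines):
    """Lines the filter cannot attribute to any client."""
    return [line for line in lines if offending_host(line) is None]


if __name__ == "__main__":
    for line in SAMPLE:
        print(f"{offending_host(line) or 'no match':<10} {line}")
```

The parsing-error line is the only one left unattributed, which is the gap the request describes: a ban for that event can only be derived from the systemd unit name of the same connection.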
