stamparm/maltrail

[Feature Request] Extend FAIL2BAN_REGEX with "iot-malware download" verdict

Closed this issue · 1 comments

Is your feature request related to a problem? Please describe.

Block sources with potential iot-malware download verdict:

Ref: https://twitter.com/500mk500/status/1260588201787494407

Describe the solution you'd like

See https://github.com/stamparm/maltrail/blob/master/maltrail.conf#L48C16-L48C123

Before:
FAIL2BAN_REGEX attacker|reputation|potential[^"]*(web scan|directory traversal|injection|remote code)|spammer|mass scanner

After:
FAIL2BAN_REGEX attacker|reputation|potential[^"]*(web scan|directory traversal|injection|remote code|iot-malware download)|spammer|mass scanner
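To see what the extra alternative changes in practice, here is an added example (not code from the maltrail project or from the issue author) that runs the old and new FAIL2BAN_REGEX values over a few constructed log lines and lists which source IPs each one would hand to fail2ban. It assumes maltrail event log lines are made of double-quoted fields with the source IP in the third field and the verdict text in a later "info" field; the sample lines and IPs are constructed for the demonstration.

```python
import re

# The two regex values exactly as quoted in the issue (maltrail.conf FAIL2BAN_REGEX).
# Because of [^"]*, "potential" and the keyword must sit inside the same quoted field.
OLD_FAIL2BAN_REGEX = r'attacker|reputation|potential[^"]*(web scan|directory traversal|injection|remote code)|spammer|mass scanner'
NEW_FAIL2BAN_REGEX = r'attacker|reputation|potential[^"]*(web scan|directory traversal|injection|remote code|iot-malware download)|spammer|mass scanner'

# Constructed sample log lines (assumed field layout:
# time, sensor, src_ip, src_port, dst_ip, dst_port, proto, type, trail, info, reference).
SAMPLE_LOG = '''
"2020-05-13 14:21:03.100000" "sensor1" "203.0.113.5" "51234" "198.51.100.10" "22" "TCP" "IP" "203.0.113.5" "known attacker" "(constructed)"
"2020-05-13 14:21:07.200000" "sensor1" "192.0.2.44" "40021" "198.51.100.10" "80" "TCP" "URL" "example.invalid/bins/x86" "potential iot-malware download (mirai)" "(constructed)"
"2020-05-13 14:21:09.300000" "sensor1" "203.0.113.99" "33010" "198.51.100.10" "80" "TCP" "HTTP" "/admin/" "potential web scan" "(constructed)"
"2020-05-13 14:21:12.400000" "sensor1" "198.51.100.8" "48888" "198.51.100.10" "22" "TCP" "IP" "198.51.100.8" "suspicious ssh login" "(constructed)"
"2020-05-13 14:21:15.500000" "sensor1" "192.0.2.44" "40022" "198.51.100.10" "80" "TCP" "URL" "example.invalid/bins/arm7" "potential iot-malware download (gafgyt)" "(constructed)"
'''


def extract_src_ip(line):
    """Return the third double-quoted field of a log line (assumed to be the source IP)."""
    fields = re.findall(r'"([^"]*)"', line)
    return fields[2] if len(fields) > 2 else None


def ban_candidates(log_text, regex):
    """Source IPs, in first-seen order and without duplicates, whose lines match the regex.

    This mirrors the selection step: only lines matching FAIL2BAN_REGEX contribute
    an IP to the fail2ban feed, so a verdict string not covered by the regex is
    logged but never banned.
    """
    pattern = re.compile(regex)
    ips = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        if pattern.search(line):
            ip = extract_src_ip(line)
            if ip and ip not in ips:
                ips.append(ip)
    return ips


def newly_covered(log_text):
    """IPs that the extended regex would ban but the original one would not."""
    old = set(ban_candidates(log_text, OLD_FAIL2BAN_REGEX))
    return [ip for ip in ban_candidates(log_text, NEW_FAIL2BAN_REGEX) if ip not in old]


if __name__ == "__main__":
    print("old regex bans:", ban_candidates(SAMPLE_LOG, OLD_FAIL2BAN_REGEX))
    print("new regex bans:", ban_candidates(SAMPLE_LOG, NEW_FAIL2BAN_REGEX))
    print("added by the change:", newly_covered(SAMPLE_LOG))
```

The "suspicious ssh login" line matches neither pattern, which is the point of the regex being an allow-list of verdicts rather than "ban everything logged": a verdict string that is not enumerated never reaches fail2ban, so each new verdict type maltrail starts emitting needs a corresponding alternative, as this issue requests for "iot-malware download".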

Done in 720014a + minor patch for REMOTE_SEVERITY_REGEX to handle iot-malware substring.