[Feature Request] Extend FAIL2BAN_REGEX with "iot-malware download" verdict
Closed this issue · 1 comments
MikhailKasimov commented
Is your feature request related to a problem? Please describe.
Block sources with potential iot-malware download verdict:
Ref: https://twitter.com/500mk500/status/1260588201787494407
Describe the solution you'd like
See https://github.com/stamparm/maltrail/blob/master/maltrail.conf#L48C16-L48C123
FAIL2BAN_REGEX attacker|reputation|potential[^"]*(web scan|directory traversal|injection|remote code)|spammer|mass scanner
--> FAIL2BAN_REGEX attacker|reputation|potential[^"]*(web scan|directory traversal|injection|remote code|iot-malware download)|spammer|mass scanner
MikhailKasimov commented
Done in 720014a + minor patch for REMOTE_SEVERITY_REGEX to handle iot-malware substring.
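Added example, not part of the original thread or of the Maltrail code base: a regression check that runs the old and the proposed FAIL2BAN_REGEX values from the request over a few log lines and lists which sources each one would hand to the ban list. The log lines are constructed, and both the field layout and the helper `sources_to_ban` (source address taken as the fourth space-separated field) are assumptions made for illustration.

```python
import re

# The two values quoted in the request above.
OLD_REGEX = (r'attacker|reputation|potential[^"]*(web scan|directory traversal'
             r'|injection|remote code)|spammer|mass scanner')
NEW_REGEX = (r'attacker|reputation|potential[^"]*(web scan|directory traversal'
             r'|injection|remote code|iot-malware download)|spammer|mass scanner')

# Constructed sample events (documentation address ranges). The layout
# "timestamp" sensor src_ip src_port dst_ip dst_port proto type trail "info"
# is an assumption for this example.
SAMPLE_LOG = '''\
"2020-05-13 10:00:01.000000" sensor1 192.0.2.10 40001 198.51.100.5 80 TCP URL example.test/bins.sh "potential iot-malware download"
"2020-05-13 10:00:02.000000" sensor1 192.0.2.20 40002 198.51.100.5 80 TCP URL example.test/cgi "potential remote code execution"
"2020-05-13 10:00:03.000000" sensor1 192.0.2.30 40003 198.51.100.5 23 TCP IP 192.0.2.30 "mass scanner"
"2020-05-13 10:00:04.000000" sensor1 192.0.2.40 40004 198.51.100.5 53 UDP DNS example.test "other verdict"
'''


def sources_to_ban(regex, log_text):
    """Return the set of source addresses whose log line matches `regex`.

    Hypothetical helper: assumes the source address is the fourth
    space-separated field (the quoted timestamp occupies the first two).
    """
    pattern = re.compile(regex)
    banned = set()
    for line in log_text.splitlines():
        if pattern.search(line):
            fields = line.split(" ")
            if len(fields) > 3:
                banned.add(fields[3])
    return banned


if __name__ == "__main__":
    old = sources_to_ban(OLD_REGEX, SAMPLE_LOG)
    new = sources_to_ban(NEW_REGEX, SAMPLE_LOG)
    print("old regex bans:", sorted(old))
    print("new regex bans:", sorted(new))
    # Sources that become bannable only because of the added alternative.
    print("newly banned:  ", sorted(new - old))
```

Running the same comparison over a real day's log before changing the setting shows how many additional sources the wider pattern would block.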