CasperSecurity
# Fail2Ban filter for murmur/mumble-server
#
[Definition]
_daemon = murmurd
# N.B. If you allow users to have usernames that include the '>' character you
# should change this to match the regex assigned to the 'username'
# variable in your server config file (murmur.ini / mumble-server.ini).
_usernameregex = [^>]+
# Prefix for systemd-journal (with second date-pattern as optional match):
#
__prefix_journal = (?:\S+\s+%(_daemon)s\[\d+\]:(?:\s+\<W\>[\d\-]+ [\d:]+.\d+)?)
__prefix_line = %(__prefix_journal)s?
_prefix = %(__prefix_line)s\s+\d+ => <\d+:%(_usernameregex)s\(-1\)> Rejected connection from <HOST>:\d+:
prefregex = ^%(_prefix)s <F-CONTENT>.+</F-CONTENT>$
failregex = ^Invalid server password$
^Wrong certificate or password for existing user$
ignoreregex =
datepattern = ^<W>{DATE}
journalmatch = _SYSTEMD_UNIT=murmurd.service + _COMM=murmurd
# DEV Notes:
#
# Author: Ross Brown