I doubt that this wishlist should be addressed due 1. fail2ban works at the moment independently on each log line, thus it is impossible to discriminate between multiple occasions of a single line (which could be totally "legal") or different multiple matches.
2. xmlrpc vulnerability was fixed and there are multiple softwares
using it, and we don't want to block hosts which would access xmlrpc.php
for a good reason ;-)
thus at the moment I don't see this rule implemented.
but I would suggest to rephrase this wishlist may be as a new feature
request to have multiple separate regexps, and ban
if a given IP scans through the list, trying to sense present vulnerable
software. If you agree that it might be useful -- I would forward this
wishlist upstream. If you think that the issue is minor - I would like
to close the bug with "wontfix"
--
.-.
=------------------------------ /v\ ----------------------------=
Keep in touch // \\ (yoh@|www.)onerussian.com
Yaroslav Halchenko /( )\ ICQ#: 60653192
Linux User ^^-^^ [175555]
pgpFeQN8IxS1p.pgp
Description: PGP signature
