From 62eb9338bb962af746476a2d3463a46bf17aa5d1 Mon Sep 17 00:00:00 2001
From: bserie <bserie+gitit@evolix.fr>
Date: Fri, 14 Aug 2020 10:20:21 +0200
Subject: [PATCH] Ajout pm2-auth-failure

---
 HowtoFail2Ban.md | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/HowtoFail2Ban.md b/HowtoFail2Ban.md
index 84f2e2c4..18f79834 100644
--- a/HowtoFail2Ban.md
+++ b/HowtoFail2Ban.md
@@ -661,6 +661,33 @@ maxretry = 10
 findtime = 300
 ~~~
 
+### pm2 / nodejs
+
+/etc/fail2ban/filter.d/pm2-auth-failure.conf :
+
+~~~
+[Definition]
+failregex = .*Auth failure, WRONG_HASH for IP <HOST> .*
+[Init]
+datepattern = ^%%Y-%%m-%%d %%H:%%M
+~~~
+
+Définition de la jail :
+
+~~~
+[pm2-auth-failure]
+enabled = true
+port = http,https
+filter = pm2-auth-failure
+logpath = /home/APPPATH/.pm2/logs/api-error.log tail
+maxretry = 30
+findtime = 3600
+# A supprimmer une fois periode de test terminé
+banaction = none
+action = %(action_mailwhoisonly)s
+
+~~~
+
 ## Munin
 
 Pour activer les plugins Munin pour Fail2Ban :