From 4396d57e3d314e652209c4f44d1787b860373433 Mon Sep 17 00:00:00 2001
From: MacRimi <ricoextincion@gmail.com>
Date: Thu, 12 Feb 2026 19:43:52 +0100
Subject: [PATCH] Update security_manager.py

---
 AppImage/scripts/security_manager.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/AppImage/scripts/security_manager.py b/AppImage/scripts/security_manager.py
index 45446cc0..3be47362 100644
--- a/AppImage/scripts/security_manager.py
+++ b/AppImage/scripts/security_manager.py
@@ -793,11 +793,11 @@ def apply_missing_jails():
     if "proxmox" not in current_jails:
         try:
             # Create filter with journalmatch for systemd backend.
-            # With backend=systemd, fail2ban receives only the MESSAGE field.
-            # We use _SYSTEMD_UNIT instead of _COMM (Proxmox truncates _COMM).
+            # No ^ anchor: fail2ban prepends timestamp+hostname to journal MESSAGE.
+            # _SYSTEMD_UNIT used instead of _COMM (Proxmox truncates _COMM).
             # Proxmox logs IPs as ::ffff:x.x.x.x (IPv4-mapped IPv6).
             filter_content = """[Definition]
-failregex = ^(pvedaemon\\[\\d+\\]:\\s+)?authentication (failure|error); rhost=(::ffff:)?<HOST> user=.* msg=.*$
+failregex = authentication (failure|error); rhost=(::ffff:)?<HOST> user=.* msg=.*
 ignoreregex =
 journalmatch = _SYSTEMD_UNIT=pvedaemon.service
 """