I have installed fail2ban as packaged by Debian on a server under my control. Since I have some failregexes from before, I'm putting those into the local filter definition file so they will be considered as well. Hence, I end up with e.g. /etc/fail2ban/filter.d/sshd.conf and /etc/fail2ban/filter.d/sshd.local. This is the way it is recommended to be set up and it appears to be working just fine for what it is.
However, in the .local file, I'm actually replacing the whole list of failregexes from the .conf file. The documentation doesn't seem to indicate there is any other way of doing it, and to get it to work, I've simply copied the distribution-supplied .conf file to a .local file and made some additions.
It would be really nice if I can simply amend the list, benefiting from the work of the upstream and Debian maintainers in staying abreast of changes to the distribution-maintained log entry filter regexes.
The only real workaround I can think of is to actually create two jails, one using the distribution-provided configuration and one using my own. This would appear to have the (fairly significant) downside that they are treated as independent jails (which you'd expect with such a setup).
Surely I can't be the only one wanting to just add a few failregexes of my own to an already existing collection, with a minimum of maintenance hassle.
Is it possible to amend the lists of failregex and ignoreregex within a fail2ban filter definition through a site-local or host-local file, without making any changes to the corresponding global or distribution-supplied file? If it is, then how to do it?