From 14170ae2979aeaa533cdba1f12ab8ac470d42894 Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Fri, 3 May 2013 15:34:04 +0200 Subject: [PATCH] Use upstream sogo-auth filter --- .../templates/etc/fail2ban/jail.conf/30Service35SOGo | 2 +- root/etc/fail2ban/filter.d/sogo-auth.conf | 20 ++++++++++++++++++++ root/etc/fail2ban/filter.d/sogo.conf | 10 ---------- 3 files changed, 21 insertions(+), 11 deletions(-) create mode 100644 root/etc/fail2ban/filter.d/sogo-auth.conf delete mode 100644 root/etc/fail2ban/filter.d/sogo.conf diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service35SOGo b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service35SOGo index 72c4106..149e09a 100644 --- a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service35SOGo +++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service35SOGo @@ -11,7 +11,7 @@ $OUT .=<<"EOF"; [sogo] enabled = true -filter = sogo +filter = sogo-auth logpath = /var/log/sogo/sogo.log action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime] EOF diff --git a/root/etc/fail2ban/filter.d/sogo-auth.conf b/root/etc/fail2ban/filter.d/sogo-auth.conf new file mode 100644 index 0000000..3e23841 --- /dev/null +++ b/root/etc/fail2ban/filter.d/sogo-auth.conf @@ -0,0 +1,20 @@ +# /etc/fail2ban/filter.d/sogo-auth.conf +# +# Fail2Ban configuration file +# By Arnd Brandes +# SOGo +# + +[Definition] +# Option: failregex +# Filter Ban in /var/log/sogo/sogo.log +# Note: the error log may contain multiple hosts, whereas the first one +# is the client and all others are poxys. We match the first one, only + +failregex = Login from '' for user '.*' might not have worked( - password policy: \d* grace: -?\d* expire: -?\d* bound: -?\d*)?\s*$ + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = diff --git a/root/etc/fail2ban/filter.d/sogo.conf b/root/etc/fail2ban/filter.d/sogo.conf deleted file mode 100644 index 9357fc2..0000000 --- a/root/etc/fail2ban/filter.d/sogo.conf +++ /dev/null @@ -1,10 +0,0 @@ -[INCLUDES] -before = common.conf - -[Definition] - -_daemon = sogod - -failregex = ^\s*%(_daemon)s\s*%(__pid_re)s:\s*SOGoRootPage Login from '' for user '.*' might not have worked \-.*$ - -ignoreregex =