Use upstream sogo-auth filter

tags/0.0.1
Daniel Berteaud 12 years ago
parent ba323c2557
commit 14170ae297
  1. 2
      root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service35SOGo
  2. 20
      root/etc/fail2ban/filter.d/sogo-auth.conf
  3. 10
      root/etc/fail2ban/filter.d/sogo.conf

@ -11,7 +11,7 @@ $OUT .=<<"EOF";
[sogo]
enabled = true
filter = sogo
filter = sogo-auth
logpath = /var/log/sogo/sogo.log
action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime]
EOF

@ -0,0 +1,20 @@
# /etc/fail2ban/filter.d/sogo-auth.conf
#
# Fail2Ban configuration file
# By Arnd Brandes
# SOGo
#
[Definition]
# Option: failregex
# Filter Ban in /var/log/sogo/sogo.log
# Note: the error log may contain multiple hosts, whereas the first one
# is the client and all others are poxys. We match the first one, only
failregex = Login from '<HOST>' for user '.*' might not have worked( - password policy: \d* grace: -?\d* expire: -?\d* bound: -?\d*)?\s*$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
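Review bot: The new `failregex` in sogo-auth.conf has no start-of-line anchor, while the `user '.*'` field it matches is text supplied by the client, so the expression can match at any offset in a log line rather than only after the daemon prefix. The removed sogo.conf anchored the same message with `^\s*%(_daemon)s\s*%(__pid_re)s:\s*SOGoRootPage `; keeping that prefix here (together with `before = common.conf` under `[INCLUDES]` and `_daemon = sogod`) would tie `<HOST>` to the position where sogod writes the client address. The comment above the expression says a line may list several hosts and that only the first is matched, but the pattern requires the closing quote directly after `<HOST>`, so such lines would presumably not match at all. Either the comment or the pattern should be adjusted, and it is worth checking against a sample log line from a proxied login.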

@ -1,10 +0,0 @@
[INCLUDES]
before = common.conf
[Definition]
_daemon = sogod
failregex = ^\s*%(_daemon)s\s*%(__pid_re)s:\s*SOGoRootPage Login from '<HOST>' for user '.*' might not have worked \-.*$
ignoreregex =