From 5240cfb528e373ec34cea694325a7d26ea19473b Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Thu, 2 May 2013 16:18:48 +0200 Subject: [PATCH] Add LL::NG filter and jail and default to disabled for SOGo jail --- .../etc/fail2ban/jail.conf/30Service35SOGo | 4 ++-- .../etc/fail2ban/jail.conf/30Service40LemonLDAPNG | 22 ++++++++++++++++++++++ root/etc/fail2ban/filter.d/lemonldap-ng.conf | 11 +++++++++++ 3 files changed, 35 insertions(+), 2 deletions(-) create mode 100644 root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service40LemonLDAPNG create mode 100644 root/etc/fail2ban/filter.d/lemonldap-ng.conf diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service35SOGo b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service35SOGo index 2e626a9..0d99f45 100644 --- a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service35SOGo +++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service35SOGo @@ -1,6 +1,6 @@ { -my $status = $sogod{'status'} || 'enabled'; +my $status = $sogod{'status'} || 'disabled'; return "" if ($status ne 'enabled'); my @ports = (); push @ports, (${'httpd-e-smith'}{'TCPPort'} || '80'); @@ -16,7 +16,7 @@ logpath = /var/log/sogo/sogo.log action = smeserver[port="$port",protocol=tcp,bantime=$bantime] EOF -$OUT .= " sendmail[name=SOGo,dest=$maildest]\n" +$OUT .= " sendmail[name="SOGo",dest=$maildest]\n" if ($mail eq 'enabled'); } diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service40LemonLDAPNG b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service40LemonLDAPNG new file mode 100644 index 0000000..f072cd3 --- /dev/null +++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service40LemonLDAPNG 
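Review bot: The changed `sendmail[name="SOGo",dest=$maildest]` line in 30Service35SOGo puts unescaped double quotes inside a double-quoted Perl string, so the string ends at `name=` and the fragment no longer parses. The added 30Service40LemonLDAPNG template repeats the construct with `name="LemonLDAP::NG"`. A fragment that fails to compile will presumably break expansion of jail.conf or drop the jail, which removes the brute-force protection without any obvious signal. Escape the quotes, as in `$OUT .= " sendmail[name=\"SOGo\",dest=$maildest]\n"`, or leave the name unquoted as it was before. The template body starts outside this hunk.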
@@ -0,0 +1,22 @@
+{
+
+my $status = ${'lemonldap-ng'}{'status'} || 'disabled';
+return "" if ($status ne 'enabled');
+my @ports = ();
+push @ports, (${'httpd-e-smith'}{'TCPPort'} || '80');
+push @ports, ($modSSL{'TCPPort'} || '443');
+my $port = join (",", @ports);
+
+$OUT .=<<"EOF";
+
+[sogo]
+enabled = true
+filter = lemonldap-ng
+logpath = /var/log/messages
+action = smeserver[port="$port",protocol=tcp,bantime=$bantime]
+EOF
+
+$OUT .= " sendmail[name="LemonLDAP::NG",dest=$maildest]\n"
+ if ($mail eq 'enabled');
+
+}
diff --git a/root/etc/fail2ban/filter.d/lemonldap-ng.conf b/root/etc/fail2ban/filter.d/lemonldap-ng.conf
new file mode 100644
index 0000000..f7a52e2
--- /dev/null
+++ b/root/etc/fail2ban/filter.d/lemonldap-ng.conf
@@ -0,0 +1,11 @@
+[INCLUDES]
+before = common.conf
+
+[Definition]
+
+_daemon = lemonldap\-ng
+
+failregex = ^\s*%(__prefix_line)s\s*Lemonldap::NG : .* was not found in LDAP directory \(\)\s*$
+ ^\s*%(__prefix_line)s\s*Lemonldap::NG : Bad password for .* \(\)\s*$
+
+ignoreregex =
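Review bot: The heredoc in 30Service40LemonLDAPNG names the jail `[sogo]`, which looks copied from the SOGo fragment and is presumably the section name that fragment already emits. With both services enabled, the generated jail.conf would then hold two definitions under one name, and at most one of them could take effect as intended. Name the section after this service, for example `[lemonldap-ng]`, so that the LemonLDAP::NG jail is distinct in the fail2ban status and logs.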
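Review bot: Neither `failregex` line in lemonldap-ng.conf shows a `<HOST>` tag; both end in `\(\)\s*$`, so as written fail2ban has no group from which to take the address to ban. The tag may have been stripped when this page was rendered, so confirm against the committed file; the intended ending is presumably `\(<HOST>\)\s*$`. Once it is restored, keep it anchored at the end of the line as here, since the text matched by the preceding `.*` includes the login name supplied by the client.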