ENH: filter.d/solid-pop3d - added log messages and regexes

pull/438/head
Daniel Black 2013-11-18 08:58:23 +11:00
parent b3b9ea4559
commit 0eea0a35db
2 changed files with 32 additions and 1 deletions


@ -1,5 +1,7 @@
# Fail2Ban filter for unsuccesful solid-pop3 authentication attempts
#
# Doesn't currently provide PAM support. Please contribute sample logs
# to http://github.com/fail2ban/fail2ban/issues.
#
[INCLUDES]
@ -9,10 +11,19 @@ before = common.conf
_daemon = solid-pop3d
failregex = ^%(__prefix_line)sauthentication failed: no such user: .*? - <HOST>$
failregex = ^%(__prefix_line)sauthentication failed: (no such user|can't map user name): .*? - <HOST>$
^%(__prefix_line)s(APOP )?authentication failed for (mapped )?user .*? - <HOST>$
^%(__prefix_line)sroot login not allowed - <HOST>$
^%(__prefix_line)scan't find APOP secret for user .*? - <HOST>$
ignoreregex =
# DEV Notes:
#
# solid-pop3d needs to be compiled with --enable-logextend to support
# IP addresses in log messages.
#
# solid-pop3d-0.15/src/main.c contains all authentication errors
# except for PAM authentication messages ( src/authenticate.c )
#
# Authors: Daniel Black
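Review bot: In the new failregex lines, the `.*?` before ` - <HOST>$` matches the user name, which the connecting client supplies, and nothing in the file says that the trailing `$` anchor is what ties the banned address to the value the daemon appends. I would add a comment above failregex such as `# User name is client-supplied; keep "- <HOST>$" end-anchored so only the address appended by the daemon is captured.` so a later edit does not loosen the anchor. Whether solid-pop3d sanitises the user name before logging is not visible on this page, so the filter should not rely on it. As a style point, the new alternations `(no such user|can't map user name)`, `(APOP )?` and `(mapped )?` are never referenced and could be non-capturing, e.g. `(?:APOP )?`.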


@ -1,2 +1,22 @@
# failJSON: { "time": "2004-11-15T00:34:53", "match": true , "host": "123.33.44.45" }
Nov 15 00:34:53 rmc1pt2-2-35-70 solid-pop3d[3822]: authentication failed: no such user: adrian - 123.33.44.45
# All below are manufactured from looking at log
# failJSON: { "time": "2004-11-15T00:34:53", "match": true , "host": "123.33.44.45" }
Nov 15 00:34:53 rmc1pt2-2-35-70 solid-pop3d[3822]: authentication failed: can't map user name: adrian - 123.33.44.45
# failJSON: { "time": "2004-11-15T00:34:53", "match": true , "host": "123.33.44.45" }
Nov 15 00:34:53 rmc1pt2-2-35-70 solid-pop3d[3822]: authentication failed for user adrain - 123.33.44.45
# failJSON: { "time": "2004-11-15T00:34:53", "match": true , "host": "123.33.44.45" }
Nov 15 00:34:53 rmc1pt2-2-35-70 solid-pop3d[3822]: authentication failed for mapped user adrain - 123.33.44.45
# failJSON: { "time": "2004-11-15T00:34:53", "match": true , "host": "123.33.44.45" }
Nov 15 00:34:53 rmc1pt2-2-35-70 solid-pop3d[3822]: root login not allowed - 123.33.44.45
# failJSON: { "time": "2004-11-15T00:34:53", "match": true , "host": "123.33.44.45" }
Nov 15 00:34:53 rmc1pt2-2-35-70 solid-pop3d[3822]: can't find APOP secret for user adrian - 123.33.44.45
# failJSON: { "time": "2004-11-15T00:34:53", "match": true , "host": "123.33.44.45" }
Nov 15 00:34:53 rmc1pt2-2-35-70 solid-pop3d[3822]: APOP authentication failed for user adrian - 123.33.44.45
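Review bot: Every sample added here expects `"match": true` with a plain user name, so nothing pins which address is captured when the user name itself contains ` - ` followed by an address. I would add one constructed regression sample that reuses the existing failJSON line with host 123.33.44.45 above the log line `Nov 15 00:34:53 rmc1pt2-2-35-70 solid-pop3d[3822]: authentication failed: no such user: adrian - 192.0.2.1 - 123.33.44.45`, where 192.0.2.1 is a documentation-range value. That makes the test fail if the end anchor in the filter is ever dropped. There is also no sample for the `APOP` plus `mapped user` combination that the third regex accepts. Whether the daemon emits that line is not visible here, so either add a sample or narrow the regex.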