From 0eea0a35db8061d51c35cba7bed7911ed822ca38 Mon Sep 17 00:00:00 2001
From: Daniel Black
Date: Mon, 18 Nov 2013 08:58:23 +1100
Subject: [PATCH] ENH: filter.d/solid-pop3d - added log messages and regexes
---
 config/filter.d/solid-pop3d.conf | 13 ++++++++++++-
 testcases/files/logs/solid-pop3d | 20 ++++++++++++++++++++
 2 files changed, 32 insertions(+), 1 deletion(-)
diff --git a/config/filter.d/solid-pop3d.conf b/config/filter.d/solid-pop3d.conf
index 67deafb6..68ac0a8e 100644
--- a/config/filter.d/solid-pop3d.conf
+++ b/config/filter.d/solid-pop3d.conf
@@ -1,5 +1,7 @@
 # Fail2Ban filter for unsuccesful solid-pop3 authentication attempts
 #
+# Doesn't currently provide PAM support. Please contribute sample logs
+# to http://github.com/fail2ban/fail2ban/issues.
 #
 [INCLUDES]
@@ -9,10 +11,19 @@ before = common.conf
 _daemon = solid-pop3d
-failregex = ^%(__prefix_line)sauthentication failed: no such user: .*? - $
+failregex = ^%(__prefix_line)sauthentication failed: (no such user|can't map user name): .*? - $
+ ^%(__prefix_line)s(APOP )?authentication failed for (mapped )?user .*? - $
+ ^%(__prefix_line)sroot login not allowed - $
+ ^%(__prefix_line)scan't find APOP secret for user .*? - $
 ignoreregex =
 # DEV Notes:
 #
+# solid-pop3d needs to be compiled with --enable-logextend to support
+# IP addresses in log messages.
+#
+# solid-pop3d-0.15/src/main.c contains all authentication errors
+# except for PAM authentication messages ( src/authenticate.c )
+#
 # Authors: Daniel Black
diff --git a/testcases/files/logs/solid-pop3d b/testcases/files/logs/solid-pop3d
index 0574084d..3fe27e58 100644
--- a/testcases/files/logs/solid-pop3d
+++ b/testcases/files/logs/solid-pop3d
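Review bot: The new `can't find APOP secret for user` pattern in the `failregex` hunk of solid-pop3d.conf may also fire for legitimate accounts, for example a valid user with no APOP secret configured whose client tries APOP first, so routine mail polls could count toward a ban; this is inferred from the message text, not from solid-pop3d's source. I would document it above `failregex` with a comment such as `# "can't find APOP secret" can be logged for valid users without an APOP secret; choose maxretry/findtime with that in mind`. Separately, every pattern as shown here ends in ` - $` with no `<HOST>` group; the test expectations carry a host, so the tag was probably lost when the page was rendered, but confirm it against the file, because the end-anchored host is what keeps the client-supplied user name (`.*?`) from influencing which address is banned. The `[Definition]` section header that owns these options lies outside the hunk.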
@@ -1,2 +1,22 @@
 # failJSON: { "time": "2004-11-15T00:34:53", "match": true , "host": "123.33.44.45" }
 Nov 15 00:34:53 rmc1pt2-2-35-70 solid-pop3d[3822]: authentication failed: no such user: adrian - 123.33.44.45
+
+# All below are manufactured from looking at log
+# failJSON: { "time": "2004-11-15T00:34:53", "match": true , "host": "123.33.44.45" }
+Nov 15 00:34:53 rmc1pt2-2-35-70 solid-pop3d[3822]: authentication failed: can't map user name: adrian - 123.33.44.45
+
+# failJSON: { "time": "2004-11-15T00:34:53", "match": true , "host": "123.33.44.45" }
+Nov 15 00:34:53 rmc1pt2-2-35-70 solid-pop3d[3822]: authentication failed for user adrain - 123.33.44.45
+
+# failJSON: { "time": "2004-11-15T00:34:53", "match": true , "host": "123.33.44.45" }
+Nov 15 00:34:53 rmc1pt2-2-35-70 solid-pop3d[3822]: authentication failed for mapped user adrain - 123.33.44.45
+
+# failJSON: { "time": "2004-11-15T00:34:53", "match": true , "host": "123.33.44.45" }
+Nov 15 00:34:53 rmc1pt2-2-35-70 solid-pop3d[3822]: root login not allowed - 123.33.44.45
+
+# failJSON: { "time": "2004-11-15T00:34:53", "match": true , "host": "123.33.44.45" }
+Nov 15 00:34:53 rmc1pt2-2-35-70 solid-pop3d[3822]: can't find APOP secret for user adrian - 123.33.44.45
+
+# failJSON: { "time": "2004-11-15T00:34:53", "match": true , "host": "123.33.44.45" }
+Nov 15 00:34:53 rmc1pt2-2-35-70 solid-pop3d[3822]: APOP authentication failed for user adrian - 123.33.44.45
+
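Review bot: None of the six added samples exercises the one field a client controls, the user name matched by `.*?`; all are positive matches and, per the added comment, constructed rather than captured. I would add a sample whose user name itself contains ` - ` followed by an address and assert that the reported host is still the trailing one, e.g. (constructed) `# failJSON: { "time": "2004-11-15T00:34:53", "match": true , "host": "123.33.44.45" }` followed by `Nov 15 00:34:53 rmc1pt2-2-35-70 solid-pop3d[3822]: authentication failed: no such user: adrian - 192.0.2.1 - 123.33.44.45`. A non-failure line marked `"match": false` would similarly guard against the patterns being widened later.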