From 1ea68b2d0c5415709cebec0edd6dbca85e15be5c Mon Sep 17 00:00:00 2001
From: Daniel Black <grooverdan@users.sourceforge.net>
Date: Mon, 18 Nov 2013 09:44:26 +1100
Subject: [PATCH] DOC: filter.d/solid-pop3d - document lack of PAM support.
Thanks to Jacques for the log messages
---
config/filter.d/solid-pop3d.conf | 7 +++++--
testcases/files/logs/solid-pop3d | 3 +++
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/config/filter.d/solid-pop3d.conf b/config/filter.d/solid-pop3d.conf
index 68ac0a8e..d97cc134 100644
--- a/config/filter.d/solid-pop3d.conf
+++ b/config/filter.d/solid-pop3d.conf
@@ -1,7 +1,7 @@
# Fail2Ban filter for unsuccesful solid-pop3 authentication attempts
#
-# Doesn't currently provide PAM support. Please contribute sample logs
-# to http://github.com/fail2ban/fail2ban/issues.
+# Doesn't currently provide PAM support as PAM log messages don't include rhost as
+# remote IP.
#
[INCLUDES]
@@ -25,5 +25,8 @@ ignoreregex =
#
# solid-pop3d-0.15/src/main.c contains all authentication errors
# except for PAM authentication messages ( src/authenticate.c )
+#
+# A pam authentication failure message (note no IP for rhost).
+# Nov 17 23:17:50 emf1pt2-2-35-70 solid-pop3d[17176]: pam_unix(solid-pop3d:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=jacques
#
# Authors: Daniel Black
diff --git a/testcases/files/logs/solid-pop3d b/testcases/files/logs/solid-pop3d
index 3fe27e58..45c4ecaf 100644
--- a/testcases/files/logs/solid-pop3d
+++ b/testcases/files/logs/solid-pop3d
@@ -20,3 +20,6 @@ Nov 15 00:34:53 rmc1pt2-2-35-70 solid-pop3d[3822]: can't find APOP secret for us
# failJSON: { "time": "2004-11-15T00:34:53", "match": true , "host": "123.33.44.45" }
Nov 15 00:34:53 rmc1pt2-2-35-70 solid-pop3d[3822]: APOP authentication failed for user adrian - 123.33.44.45
+# Real log messages again:
+# failJSON: { "time": "2004-11-17T23:10:03", "match": true , "host": "190.16.165.230" }
+Nov 17 23:10:03 emf1pt2-2-35-70 solid-pop3d[16993]: authentication failed for user jacques - 190.16.165.230