Merge pull request #302 from grooverdan/perdition

ENH: new filter perdition.conf
pull/304/merge
Daniel Black 2013-07-23 18:31:27 -07:00
commit 2d52fc3d18
5 changed files with 30 additions and 0 deletions


@ -36,6 +36,8 @@ ver. 0.8.11 (2013/XX/XXX) - loves-unittests
Daniel Black Daniel Black
* filter.d/exim-spam.conf -- a splitout of exim's spam regexes * filter.d/exim-spam.conf -- a splitout of exim's spam regexes
with additions for greater control over filtering spam. with additions for greater control over filtering spam.
Christophe Carles & Daniel Black
* filter.d/perdition.conf -- filter added
- Enhancements: - Enhancements:
Daniel Black Daniel Black
* filter.d/{asterisk,assp,dovecot,proftpd}.conf -- regex hardening * filter.d/{asterisk,assp,dovecot,proftpd}.conf -- regex hardening

1
THANKS

@ -11,6 +11,7 @@ Axel Thimm
Bill Heaton Bill Heaton
Carlos Alberto Lopez Perez Carlos Alberto Lopez Perez
Christian Rauch Christian Rauch
Christophe Carles
Christoph Haas Christoph Haas
Christos Psonis Christos Psonis
Daniel B. Cid Daniel B. Cid


@ -0,0 +1,16 @@
# Fail2Ban configuration file
#
# Author: Christophe Carles and Daniel Black
#
#
[INCLUDES]
before = common.conf
[Definition]
_daemon=perdition.\S+
failregex = ^%(__prefix_line)sAuth: <HOST>:\d+->(\d{1,3}\.){3}\d{1,3}:\d+ client-secure=\S+ authorisation_id=NONE authentication_id=".+" server="\S+" protocol=\S+ server-secure=\S+ status="failed: (local authentication failure|Re-Authentication Failure)"$
^%(__prefix_line)sFatal Error reading authentication information from client <HOST>:\d+->(\d{1,3}\.){3}\d{1,3}:\d+: Exiting child$
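Review bot: `_daemon=perdition.\S+` leaves the dot unescaped, so it accepts any character after `perdition` rather than the literal separator seen in the sample tag `perdition.imaps`; `_daemon = perdition\.\S+` would pin the tag to the daemon's own naming. In the first failregex, `authentication_id=".+"` is a greedy match over a client-supplied username. Because `<HOST>` is matched before that field and the expression is anchored with `^` and `$`, a crafted username should not be able to change which address is captured, assuming perdition writes each event on a single line. That reasoning deserves a comment above the regex, for example `# authentication_id is client-controlled; <HOST> precedes it and the line is anchored at both ends`.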


@ -419,3 +419,10 @@ enabled = false
filter = exim-spam filter = exim-spam
action = iptables-multiport[name=exim-spam,port="25,465,587"] action = iptables-multiport[name=exim-spam,port="25,465,587"]
logpath = /var/log/exim/mainlog logpath = /var/log/exim/mainlog
[perdition]
enabled = false
filter = perdition
action = iptables-multiport[name=perdition,port="110,143,993,995"]
logpath = /var/log/maillog
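Review bot: The ban in the new `[perdition]` jail covers only ports 110, 143, 993 and 995, while the filter's `_daemon` pattern accepts any `perdition.<name>` tag. If the local perdition instance also proxies another protocol (managesieve, if enabled), a host banned for failed logins would still reach that listener. A comment above the action, such as `# extend port= if perdition listens on additional ports`, would make clear that the list has to track the local listener set. `logpath = /var/log/maillog` is distribution-specific and presumably needs adjusting where mail logs are written elsewhere.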


@ -0,0 +1,4 @@
# failJSON: { "time": "2005-07-18T16:07:18", "match": true , "host": "192.168.8.100" }
Jul 18 16:07:18 ares perdition.imaps[3194]: Auth: 192.168.8.100:2274->193.48.191.9:993 client-secure=ssl authorisation_id=NONE authentication_id="carles" server="imap.biotoul.fr:993" protocol=IMAP4S server-secure=ssl status="failed: Re-Authentication Failure"
# failJSON: { "time": "2005-07-18T16:08:58", "match": true , "host": "192.168.8.100" }
Jul 18 16:08:58 ares perdition.imaps[3194]: Fatal Error reading authentication information from client 192.168.8.100:2274->193.48.191.9:993: Exiting child
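Review bot: The samples exercise only the `Re-Authentication Failure` status and the `Fatal Error` line, so the `local authentication failure` alternative in the first failregex is never tested, and no line is marked `"match": false`. Adding a `local authentication failure` sample with its `# failJSON` header would cover the untested branch. A successful `Auth:` line taken from a real perdition log and marked `"match": false` would guard against the regex later being loosened to match non-failures, which would ban legitimate users.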