From add8e61036a2dcb62250cb46e1209e0a5379b379 Mon Sep 17 00:00:00 2001
From: Cyril Roos
Date: Wed, 2 Jul 2014 13:52:06 +0200
Subject: [PATCH] Added Directadmin filter, jail and log test

---
 config/filter.d/directadmin.conf | 23 +++++++++++++++++++++++
 config/jail.conf | 5 +++++
 fail2ban/tests/files/logs/directadmin | 14 ++++++++++++++
 3 files changed, 42 insertions(+)
 create mode 100644 config/filter.d/directadmin.conf
 create mode 100644 fail2ban/tests/files/logs/directadmin

diff --git a/config/filter.d/directadmin.conf b/config/filter.d/directadmin.conf
new file mode 100644
index 00000000..7622e548
--- /dev/null
+++ b/config/filter.d/directadmin.conf
@@ -0,0 +1,23 @@
+# Fail2Ban configuration file for Directadmin
+#
+#
+#
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+failregex = ^: \'\' \d{1,3} failed login attempt(s)?. \s*
+
+ignoreregex =
+
+[Init]
+datepattern = ^%%Y:%%m:%%d-%%H:%%M:%%S
+
+#
+# Requires Directadmin v1.45.3 or higher. http://www.directadmin.com/features.php?id=1590
+#
+# Author: Cyril Roos
+
diff --git a/config/jail.conf b/config/jail.conf
index c42952d8..bfc2a9c2 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -709,3 +709,8 @@ enabled = false
 logpath = /opt/sun/comms/messaging64/log/mail.log_current
 maxretry = 6
 banaction = iptables-allports
+
+[directadmin]
+enabled = false
+logpath = /var/log/directadmin/login.log
+port = 2222
diff --git a/fail2ban/tests/files/logs/directadmin b/fail2ban/tests/files/logs/directadmin
new file mode 100644
index 00000000..85f7f8b9
--- /dev/null
+++ b/fail2ban/tests/files/logs/directadmin
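Review bot: The `failregex` line in `directadmin.conf` has nothing between its two escaped quotes (`^: \'\' \d{1,3} ...`), so as shown it has no `<HOST>` group for fail2ban to take the address from and would not match the quoted addresses in the test log. If the tag was only lost when this page was rendered the file itself is fine, but it is worth confirming against the repository. On the same line the `.` after `attempt(s)?` is unescaped and matches any character; `failed login attempts?\. \s*` says what is meant. The text after that point (`Account '...'`) is supplied by the client, so a comment such as `# Anchored at ^ so the client-controlled account name can never be read as the host` would record why the leading anchor must stay.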
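Review bot: The new `[directadmin]` section sets no `maxretry`, so the `[DEFAULT]` value (not visible in this hunk) applies, and fail2ban counts one failure per matching log line rather than the number printed in that line. Judging by the test log, a single line can already report many attempts (`13 failed login attempts`), so the effective threshold may be far looser than it looks. Consider an explicit low `maxretry` for this jail, chosen after checking how DirectAdmin writes these lines, with a comment like `# each login.log line already aggregates several failed attempts`. `port = 2222` limits the ban to the panel port only; if that is intended, a one-line comment saying so would help.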
@@ -0,0 +1,14 @@
+# failJSON: { "time": "2014-07-02T00:17:45", "match": true , "host": "3.2.1.4" }
+2014:07:02-00:17:45: '3.2.1.4' 2 failed login attempts. Account 'test'
+
+# failJSON: { "time": "2014-07-02T13:07:40", "match": true , "host": "40.40.123.231" }
+2014:07:02-13:07:40: '40.40.123.231' 13 failed login attempts. Account 'admin'
+
+# failJSON: { "time": "2014-07-02T13:07:50", "match": true , "host": "40.40.123.231" }
+2014:07:02-13:07:50: '40.40.123.231' 5 failed login attempt. Invalid account 'user%2Ename'
+
+# failJSON: { "time": "2014-07-02T13:28:39", "match": false , "host": "12.12.123.231" }
+2014:07:02-13:28:39: '12.12.123.231' successful login to 'nobody' after 1 attempts
+
+# failJSON: { "time": "2014-07-02T13:29:38", "match": true , "host": "1.2.3.4" }
+2014:07:02-13:29:38: '1.2.3.4' 2 failed login attempts. Account 'user' via 'admin'
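Review bot: The samples never exercise the client-controlled account field, so nothing here pins that the reported host always comes from the start of the line. A regression sample whose account text itself contains a quoted address followed by `failed login attempts`, with `failJSON` expecting the connecting host, would guard the `^` anchor against later loosening of the filter. The `%2E` in the third sample suggests DirectAdmin URL-encodes the name, which may already rule this out, but the test would document that assumption. A short comment above the `successful login` line, such as `# successful logins must never match`, would also make the intent of the only negative case explicit.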