ENH: filter for Tine 2.0

ChangeLog

@@ -54,6 +54,7 @@ ver. 0.8.12 (2013/12/XX) - things-can-only-get-better
     ...: Auth fail". Thanks Marcel Dopita. Closes gh-289
   - Added filter.d/ejabberd-auth
   - Improved ACL-handling for Asterisk
+  - Added filter.d/tine20
 
 - New Features:
 

config/filter.d/tine20.conf

@@ -0,0 +1,13 @@
+# Fail2Ban filter for Tine 2.0 authentication
+#
+# Enable logging with:
+# $config['info_log']='/var/log/tine20/tine20.log';
+#
+
+[Definition]
+
+failregex = Login with username .* from <HOST> failed
+
+ignoreregex = 
+
+# Author: mkl from Tine20.org forum

config/jail.conf

@@ -442,6 +442,17 @@ logpath  = /var/log/horde/horde.log
 action   = iptables-multiport[name=horde, port="http,https"]
 maxretry = 5
 
+[tine20]
+
+enabled  = false
+filter   = tine20
+logpath  = /var/log/tine20/tine20.log
+action   = iptables-multiport[name=tine20, port="http,https"]
+# Tine 2.0 logs are in UTC instead of my servers local time (= CET = UTC+1). Need to increase findtime by one hour (3600 + 600 = 4200).
+# ( see: https://www.tine20.org/forum/viewtopic.php?f=12&t=976#p4746 )
+#  findtime: The counter is set to zero if no match is found within "findtime" seconds.
+findtime = 4200
+maxretry = 5
 
 # Ban attackers that try to use PHP's URL-fopen() functionality
 # through GET/POST variables. - Experimental, with more than a year

testcases/files/logs/tine20

@@ -0,0 +1,2 @@
+# failJSON: { "time": "2014-01-13T05:02:22", "match": true, "host": "127.0.0.1" }
+78017 00cff -- none -- - 2014-01-13T05:02:22+00:00 WARN (4): Tinebase_Controller::login::106 Login with username sdfsadf from 127.0.0.1 failed (-1)!