diff --git a/ChangeLog b/ChangeLog
index 2ca227ff..de804b5f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -54,6 +54,7 @@ ver. 0.8.12 (2013/12/XX) - things-can-only-get-better ...: Auth fail". Thanks Marcel Dopita. Closes gh-289 - Added filter.d/ejabberd-auth - Improved ACL-handling for Asterisk
+ - Added filter.d/tine20 - New Features:
diff --git a/config/filter.d/tine20.conf b/config/filter.d/tine20.conf
new file mode 100644
index 00000000..a878d890
--- /dev/null
+++ b/config/filter.d/tine20.conf
@@ -0,0 +1,13 @@
+# Fail2Ban filter for Tine 2.0 authentication
+#
+# Enable logging with:
+# $config['info_log']='/var/log/tine20/tine20.log';
+#
+
+[Definition]
+
+failregex = Login with username .* from failed
+
+ignoreregex =
+
+# Author: mkl from Tine20.org forum
diff --git a/config/jail.conf b/config/jail.conf
index 5dcce02c..827e2287 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -442,6 +442,17 @@ logpath = /var/log/horde/horde.log action = iptables-multiport[name=horde, port="http,https"] maxretry = 5
+[tine20]
+
+enabled = false
+filter = tine20
+logpath = /var/log/tine20/tine20.log
+action = iptables-multiport[name=tine20, port="http,https"]
+# Tine 2.0 logs are in UTC instead of my servers local time (= CET = UTC+1). Need to increase findtime by one hour (3600 + 600 = 4200).
+# ( see: https://www.tine20.org/forum/viewtopic.php?f=12&t=976#p4746 )
+# findtime: The counter is set to zero if no match is found within "findtime" seconds.
+findtime = 4200
+maxretry = 5 # Ban attackers that try to use PHP's URL-fopen() functionality # through GET/POST variables. - Experimental, with more than a year
diff --git a/testcases/files/logs/tine20 b/testcases/files/logs/tine20
new file mode 100644
index 00000000..87d5c8ae
--- /dev/null
+++ b/testcases/files/logs/tine20
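Review bot: In config/filter.d/tine20.conf the `failregex` as shown reads `Login with username .* from failed`, with no `<HOST>` tag between `from` and `failed`, although the sample line in testcases/files/logs/tine20 has the client address in exactly that position; the tag may only have been lost when this page was rendered, but without it fail2ban cannot extract an address to ban. The expression is also unanchored, and the username ahead of the address is client-supplied, so picking the right address currently depends on `.*` being greedy. Anchoring on the fixed tail of the message makes that explicit: `failregex = Login with username .* from <HOST> failed \(-?\d+\)!\s*$` (assuming the code in parentheses is always numeric, as in the one sample). A header comment naming the Tine 2.0 log level that produces this line would also help whoever enables the jail.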
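Review bot: In the `[tine20]` section of config/jail.conf, `findtime = 4200` bakes the author's own UTC+1 offset into the shipped default, as the comment above it says. On a host in another zone, or on the same host during daylight-saving time, the correction is wrong and entries that look older than findtime would presumably not be counted, so the jail can silently stop banning; on a host already running in UTC the window simply becomes 70 minutes. The sample line in testcases/files/logs/tine20 carries an explicit `+00:00`, so handling the offset in date parsing would be the durable fix; until then I would reword the comment to something like `# Tine 2.0 logs in UTC; add your server's UTC offset in seconds to the usual 600` so admins adjust the value instead of inheriting it.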
@@ -0,0 +1,2 @@
+# failJSON: { "time": "2014-01-13T05:02:22", "match": true, "host": "127.0.0.1" }
+78017 00cff -- none -- - 2014-01-13T05:02:22+00:00 WARN (4): Tinebase_Controller::login::106 Login with username sdfsadf from 127.0.0.1 failed (-1)!
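Review bot: The fixture in testcases/files/logs/tine20 holds a single matching line, so it pins only the happy path of the new filter. I would add one line that must not match, marked `# failJSON: { "match": false }`, for example a successful login or an unrelated WARN entry, and one failed login whose username contains spaces and the word `from`, with `host` expected to be the address Tine 2.0 itself logged. The exact text of those entries needs to come from a real Tine 2.0 log, which is not visible here.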