mirror of https://github.com/fail2ban/fail2ban
ENH: Improve sieve regex and add sample line
parent
d791ba12ba
commit
534be189dc
|
@ -4,15 +4,24 @@
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
|
|
||||||
|
[INCLUDES]
|
||||||
|
|
||||||
|
# Read common prefixes. If any customizations available -- read them from
|
||||||
|
# common.local
|
||||||
|
before = common.conf
|
||||||
|
|
||||||
|
|
||||||
[Definition]
|
[Definition]
|
||||||
|
|
||||||
|
_deamon = (?:cyrus/)?(?:tim)?sieved?
|
||||||
|
|
||||||
# Option: failregex
|
# Option: failregex
|
||||||
# Notes.: regex to match the password failures messages in the logfile. The
|
# Notes.: regex to match the password failures messages in the logfile. The
|
||||||
# host must be matched by a group named "host". The tag "<HOST>" can
|
# host must be matched by a group named "host". The tag "<HOST>" can
|
||||||
# be used for standard IP/hostname matching.
|
# be used for standard IP/hostname matching.
|
||||||
# Values: TEXT
|
# Values: TEXT
|
||||||
#
|
#
|
||||||
failregex = : badlogin: .*\[<HOST>\] (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failure$
|
failregex = ^%(__prefix_line)sbadlogin: \S+ ?\[<HOST>\] (?:LOGIN|PLAIN|OTP|(?:CRAM|DIGEST)-MD5) authentication failure$
|
||||||
|
|
||||||
# Option: ignoreregex
|
# Option: ignoreregex
|
||||||
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||||
|
|
|
@ -1,2 +1,6 @@
|
||||||
# failJSON: { "time": "2004-12-01T20:36:56", "match": true , "host": "1.2.3.4" }
|
# failJSON: { "time": "2004-12-01T20:36:56", "match": true , "host": "1.2.3.4" }
|
||||||
Dec 1 20:36:56 mail sieve[23713]: badlogin: example.com[1.2.3.4] PLAIN authentication failure
|
Dec 1 20:36:56 mail sieve[23713]: badlogin: example.com[1.2.3.4] PLAIN authentication failure
|
||||||
|
# failJSON: { "time": "2005-07-18T17:21:58", "match": true , "host": "1.2.3.4" }
|
||||||
|
Jul 18 17:21:58 ophelia cyrus/timsieved[12305]: badlogin: example.com[1.2.3.4] PLAIN authentication failure
|
||||||
|
# failJSON: { "time": "2004-09-25T22:07:38", "match": true , "host": "1.2.3.4" }
|
||||||
|
Sep 25 22:07:38 web9 timsieved[21040]: badlogin: web4[1.2.3.4] OTP authentication failure
|
||||||
|
|
Loading…
Reference in New Issue