NF: roundcube-auth filter (to close Debian #699442, needing debian/jail.conf section)

config/filter.d/roundcube-auth.conf

@@ -0,0 +1,22 @@
+# Fail2Ban configuration file for roundcube web server
+#
+# Author: Teodor Micu & Yaroslav Halchenko
+#
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failure messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+failregex = FAILED login for .*. from <HOST>\s*$
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex = 

config/jail.conf

@@ -192,6 +192,15 @@ action   = shorewall
            sendmail[name=Postfix, dest=you@example.com]
 logpath  = /var/log/apache2/error_log
 
+# Monitor roundcube server
+
+[roundcube-iptables]
+
+enabled  = false
+filter   = roundcube-auth
+action   = iptables[name=RoundCube, port="http,https"]
+logpath  = /var/log/roundcube/userlogins
+
 # Ban attackers that try to use PHP's URL-fopen() functionality
 # through GET/POST variables. - Experimental, with more than a year
 # of usage in production environments.

testcases/files/logs/roundcube-auth

@@ -0,0 +1 @@
+[22-Jan-2013 22:28:21 +0200]: FAILED login for user1 from 192.0.43.10