ENH: add filter openwebmail. Closes gh-543.

11 years ago · 856407379b
parent 934058cc06
commit 856407379b
5 changed files with 38 additions and 5 deletions
--- a/10
+++ b/10
@ -45,14 +45,14 @@ ver. 0.8.12 (2013/12/XX) - things-can-only-get-better
  - added ufw action. Thanks Guilhem Lettron. lp-#701522
  - exim-spam filter to match spamassassin log entry for option SAdevnull.
    Thanks Ivo Truxa. Closes gh-533
  - Added filter.d/openwebmail filter thanks Ivo Truxa. Closes gh-543
 - New Features:
-  Daniel Black
+  - filter.d/solid-pop3d -- added thanks to Jacques Lav!gnotte on mailinglist.
-   * filter.d/solid-pop3d -- added thanks to Jacques Lav!gnotte on mailinglist.
+  - Add filter for apache-modsecurity
-   * Add filter for apache-modsecurity
+  - filter.d/nsd.conf -- also amended Unix date template to match nsd format
-  Bas van den Dikkenberg & Steven Hiscocks
+  - Added filter.d/openwebmail filter thanks Ivo Truxa. Closes gh-543
   * filter.d/nsd.conf -- also amended Unix date template to match nsd format
 - Enhancements:
  - loglines now also report "[PID]" after the name portion
--- a/2
+++ b/2
@ -63,6 +63,7 @@ testcases/files/logs/suhosin
 testcases/files/logs/mysqld-auth
 testcases/files/logs/named-refused
 testcases/files/logs/nginx-http-auth
 testcases/files/logs/openwebmail
 testcases/files/logs/pam-generic
 testcases/files/logs/postfix
 testcases/files/logs/proftpd
@ -150,6 +151,7 @@ config/filter.d/exim.conf
 config/filter.d/gssftpd.conf
 config/filter.d/suhosin.conf
 config/filter.d/named-refused.conf
 config/filter.d/openwebmail.conf
 config/filter.d/postfix.conf
 config/filter.d/proftpd.conf
 config/filter.d/pure-ftpd.conf
--- a/config/filter.d/openwebmail.conf
+++ b/config/filter.d/openwebmail.conf
@ -0,0 +1,15 @@
 # Fail2Ban filter for Openwebmail
 # banning hosts with authentication errors in /var/log/openwebmail.log
 # OpenWebMail http://openwebmail.org
 #
 [Definition]
 failregex = ^ - \[\d+\] \(<HOST>\) .* login error .+$
            ^ - \[\d+\] \(<HOST>\) .* doesn't exist$
 ignoreregex =
 # DEV Notes:
 #
 # Author: Ivo Truxa (c) 2013 truXoft.com
--- a/config/jail.conf
+++ b/config/jail.conf
@ -285,6 +285,16 @@ action   = iptables-multiport[name=SOGo, port="http,https"]
 logpath  = /var/log/sogo/sogo.log
 [openwebmail]
 enabled  = false
 filter   = openwebmail
 logpath  = /var/log/openwebmail.log
 action   = ipfw
           sendmail-whois[name=openwebmail, dest=you@example.com]
 maxretry = 5
 # Ban attackers that try to use PHP's URL-fopen() functionality
 # through GET/POST variables. - Experimental, with more than a year
 # of usage in production environments.
--- a/testcases/files/logs/openwebmail
+++ b/testcases/files/logs/openwebmail
@ -0,0 +1,6 @@
 # failJSON: { "time": "2013-12-28T19:03:53", "match": true , "host": "178.123.108.196" }
 Sat Dec 28 19:03:53 2013 - [72926] (178.123.108.196) gsdfg - userinfo error - auth_unix.pl, ret -4, User gsdfg doesn't exist
 # failJSON: { "time": "2013-12-28T19:04:03", "match": true , "host": "178.123.108.196" }
 Sat Dec 28 19:04:03 2013 - [72926] (178.123.108.196) gsdfg - login error - no such user - loginname=gsdfg
 # failJSON: { "time": "2013-12-28T19:05:38", "match": true , "host": "178.123.108.196" }
 Sat Dec 28 19:05:38 2013 - [73540] (178.123.108.196) myname - login error - auth_unix.pl, ret -4, Password incorrect