From 8ac28e5dcb73a70cc5caa8ff8df60ed5b901a9d6 Mon Sep 17 00:00:00 2001 From: Alex Date: Thu, 10 Nov 2016 13:09:32 +0100 Subject: [PATCH] Make changes and add test file --- config/filter.d/mongodb-auth.conf | 7 +++++++ config/jail.conf | 8 +------- fail2ban/tests/files/logs/mongodb-auth | 24 ++++++++++++++++++++++++ 3 files changed, 32 insertions(+), 7 deletions(-) create mode 100644 fail2ban/tests/files/logs/mongodb-auth diff --git a/config/filter.d/mongodb-auth.conf b/config/filter.d/mongodb-auth.conf index 77443f9c..43462e73 100644 --- a/config/filter.d/mongodb-auth.conf +++ b/config/filter.d/mongodb-auth.conf @@ -1,5 +1,12 @@ # Fail2Ban filter for unsuccesfull MongoDB authentication attempts # +# Logfile /var/log/mongodb/mongodb.log +# +# add setting in /etc/mongodb.conf +# logpath=/var/log/mongodb/mongodb.log +# +# and use of the authentication +# auth = true # [Init] diff --git a/config/jail.conf b/config/jail.conf index 50ecbd72..0778a318 100644 --- a/config/jail.conf +++ b/config/jail.conf @@ -731,13 +731,7 @@ logpath = %(mysql_log)s backend = %(mysql_backend)s -# Log wrong MongoDB auth -# Logfile /var/log/mongodb/mongodb.log -# add setting in /etc/mongodb.conf -# logpath=/var/log/mongodb/mongodb.log -# -# and use of the authentication -# auth = true +# Log wrong MongoDB auth (for details how ... see filter ...) [mongodb-auth] port = 27017 logpath = /var/log/mongodb/mongodb.log diff --git a/fail2ban/tests/files/logs/mongodb-auth b/fail2ban/tests/files/logs/mongodb-auth new file mode 100644 index 00000000..a9c7b99b --- /dev/null +++ b/fail2ban/tests/files/logs/mongodb-auth 
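Review bot: The header comment added to config/filter.d/mongodb-auth.conf gives the prerequisites only in the legacy key=value form (`logpath=...`, `auth = true`), and the line "and use of the authentication" reads unclearly. I would word that line as `# and enable authentication:`. If the filter is meant to cover YAML-style mongod configs too, name the equivalents (`systemLog.path`, `security.authorization: enabled`). Whether the log lines written under that configuration still match the failregex cannot be judged here, because the filter body lies outside the hunk.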
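Review bot: The replacement comment above `[mongodb-auth]` in config/jail.conf still contains placeholder ellipses, `(for details how ... see filter ...)`, so it does not tell the reader where the setup notes went. Name the file the notes were moved to, for example `# Log wrong MongoDB auth (for setup details see filter.d/mongodb-auth.conf)`. The jail section continues past the end of the hunk, so only the comment line is reviewed here.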
@@ -0,0 +1,24 @@
+# failJSON: { "time": "2016-11-20T00:04:00", "match": true , "host": "192.168.1.35" }
+2016-11-20T00:04:00.110+0200 [conn1] Failed to authenticate root@admin with mechanism MONGODB-CR: AuthenticationFailed UserNotFound Could not find user root@admin
+2016-11-20T00:04:00.111+0200 [conn1] end connection 192.168.1.35:53276 (0 connections now open)
+
+# failJSON: { "time": "2016-11-20T00:24:00", "match": true , "host": "220.95.238.171" }
+2016-11-20T00:24:00.110+0200 [conn5] Failed to authenticate root@admin with mechanism MONGODB-CR: AuthenticationFailed UserNotFound Could not find user root@admin
+2016-11-20T00:24:00.111+0200 [conn5] end connection 220.95.238.171:53276 (0 connections now open)
+
+# failJSON: { "time": "2016-11-20T00:24:00", "match": true , "host": "220.95.238.176" }
+2016-11-20T00:24:00.110+0200 [conn334] Failed to authenticate root@admin with mechanism MONGODB-CR: AuthenticationFailed key mismatch
+2016-11-20T00:24:00.111+0200 [conn334] end connection 220.95.238.176:53276 (0 connections now open)
+
+# failJSON: { "time": "2016-11-20T00:24:00", "match": true , "host": "167.96.268.1" }
+2016-11-20T00:24:00.110+0200 [conn56] Failed to authenticate root@admin with mechanism MONGODB-CR: AuthenticationFailed key mismatch
+2016-11-20T00:24:00.111+0200 [conn56] end connection 167.96.268.1:53276 (0 connections now open)
+
+# failJSON: { "time": "2016-11-20T00:24:00", "match": false , "host": "127.0.0.1" }
+2016-11-10T12:54:02.370+0100 [initandlisten] connection accepted from 127.0.0.1:58774 #2261 (1 connection now open)
+2016-11-10T12:54:02.370+0100 [conn2261] end connection 127.0.0.1:58774 (0 connections now open)
+
+# failJSON: { "time": "2016-11-10T13:07:49", "match": false , "host": "177.13.20.178" }
+2016-11-10T13:07:49.781+0100 [conn2271] authenticate db: admin { authenticate: 1, nonce: "xxx", user: "root", key: "xxx" }
+2016-11-10T13:07:49.834+0100 [conn2271] end connection 177.13.20.178:60268 (3 connections now open)
+
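Review bot: The fourth positive sample expects host `167.96.268.1`, which is not a valid IPv4 address (octet 268), so a pass there only shows that the host pattern accepts malformed input; a documentation-range address such as `192.0.2.1` would test the intended case. The fifth `failJSON` carries time `2016-11-20T00:24:00` while the lines under it are stamped `2016-11-10T12:54:02`. In every positive sample the `Failed to authenticate` line, which holds no address, is directly followed by the `end connection` line of the same `[connN]`. A negative sample in which another connection's `end connection` line falls between the two would show whether the filter can attribute a failure to the wrong client and ban it; its failregex is not part of this patch. It is also worth confirming that the sample-log harness applies each `failJSON` to the two-line pair rather than only to the line right after it.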