Merge branch '3proxy' of https://github.com/grooverdan/fail2ban

* '3proxy' of https://github.com/grooverdan/fail2ban: BF: fix to proxy port in 3proxy example ENH: sample log + more specific regex BF: authentication errors end in 01-09 but the beginning part indicates the service as per https://github.com/fail2ban/fail2ban/issues/246#issuecomment-19327955 thanks to ykimon BF: need to anchor the start to avoid another repeat of DoS injection like Apache ENH: stricter regex thanks to Steven Hiscocks (kwirk) DOC: credits Conflicts: ChangeLog
2013-06-14 12:31:20 -04:00 · 2013-06-14 12:31:20 -04:00 · 9d4b613ee4
parent 173fe48e77 88b4598ed8
commit 9d4b613ee4
5 changed files with 30 additions and 1 deletions
--- a/3
+++ b/3
@ -13,7 +13,8 @@ ver. 0.8.11 (2013/XX/XXX) - wanna-be-released
 - Fixes:
  
 - New Features:
-  
+  Daniel Black & ykimon
+   * filter.d/3proxy.conf -- filter added
 - Enhancements:
  Daniel Black
   * filter.d/{asterisk,assp,dovecot,proftpd}.conf -- regex hardening
--- a/1
+++ b/1
@ -49,5 +49,6 @@ Tyler
 Vaclav Misek
 Vincent Deffontaines
 Yaroslav Halchenko
+ykimon
 Yehuda Katz
 zugeschmiert
--- a/config/filter.d/3proxy.conf
+++ b/config/filter.d/3proxy.conf
@ -0,0 +1,18 @@
+# Fail2Ban configuration file
+#
+# Author: Daniel Black
+#
+# Requested by ykimon in https://github.com/fail2ban/fail2ban/issues/246
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  http://www.3proxy.ru/howtoe.asp#ERRORS indicates that 01-09 are
+#          all authentication problems (%E field)
+#          Log format is: "L%d-%m-%Y %H:%M:%S %z %N.%p %E %U %C:%c %R:%r %O %I %h %T"
+# Values:  TEXT
+#
+failregex = ^\s[+-]\d{4} \S+ \d{3}0[1-9] \S+ <HOST>:\d+ [\d.]+:\d+ \d+ \d+ \d+\s
+
+ignoreregex = 
--- a/config/jail.conf
+++ b/config/jail.conf
@ -401,4 +401,10 @@ action = pf
 logpath  = /var/log/sshd.log
 maxretry=5

+[3proxy]
+
+enabled = false
+filter  = 3proxy
+action  = iptables-multiport[name=3proxy, port=3128, protocol=tcp]
+logpath = /var/log/3proxy.log

--- a/testcases/files/logs/3proxy
+++ b/testcases/files/logs/3proxy
@ -0,0 +1,3 @@
+11-06-2013 02:09:40 +0300 PROXY.3128 00004 - 1.2.3.4:28783 0.0.0.0:0 0 0 0 GET http://www.yandex.ua/?ncrnd=2169807731 HTTP/1.1
+11-06-2013 02:09:43 +0300 PROXY.3128 00005 ewr 1.2.3.4:28788 0.0.0.0:0 0 0 0 GET http://www.yandex.ua/?ncrnd=2169807731 HTTP/1.1
+13-06-2013 01:39:34 +0300 PROXY.3128 00508 - 1.2.3.4:28938 0.0.0.0:0 0 0 0