adding openldap slapd filter

2016-07-08 04:50:57 +03:00 · 2016-07-08 04:50:57 +03:00 · b2e3affaa0
parent af8b650a37
commit b2e3affaa0
3 changed files with 24 additions and 0 deletions
--- a/2
+++ b/2
@ -30,6 +30,8 @@ ver. 0.9.5 (2016/XX/XXX) - wanna-be-released
 - New Features:
   * New Actions:
     - action.d/firewallcmd-rich-rules and action.d/firewallcmd-rich-logging (gh-1367)
+   * New filters:
+     - slapd - ban hosts, that were failed to connect with invalid credentials: error code 49

 - Enhancements:
   * Extreme speedup of all sqlite database operations (gh-1436),
--- a/config/filter.d/slapd.conf
+++ b/config/filter.d/slapd.conf
@ -0,0 +1,17 @@
+# slapd (Stand-alone LDAP Daemon) openldap daemon filter
+#
+# Detecting invalid credentials: error code 49
+# http://www.openldap.org/doc/admin24/appendix-ldap-result-codes.html#invalidCredentials (49)
+
+[Definition]
+
+failregex = ^.* conn=(?P<pid>\d+) fd=\d+ ACCEPT from IP=<HOST>\:\d+ .+$<SKIPLINES>^.+ conn=(?P=pid) .* RESULT .* err=49 .*$
+
+ignoreregex =
+
+[Init]
+
+# "maxlines" is number of log lines to buffer for multi-line regex searches
+maxlines = 20
+
+# Author: Andrii Melnyk
--- a/config/jail.conf
+++ b/config/jail.conf
@ -840,3 +840,8 @@ logencoding = utf-8
 # See "haproxy-http-auth" filter for a brief cautionary note when setting
 # maxretry and findtime.
 logpath  = /var/log/haproxy.log
+
+[slapd]
+port    = ldap,ldaps
+filter  = slapd
+logpath = /var/log/slapd.log