github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

ENH: additional tweek to dovecot regex based on http://chrisgilligan.com/portfolio/fail2ban-regex/

pull/407/head
Daniel Black 2013-10-29 10:15:54 +11:00
parent 0c14707201
commit cde389cadc
2 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/filter.d/dovecot.conf
View File

@ -9,7 +9,7 @@ before = common.conf
[Definition]
_daemon = (dovecot(-auth)?|auth-worker)
_daemon = (auth|dovecot(-auth)?|auth-worker)
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile.
# first regex is essentially a copy of pam-generic.conf

4
testcases/files/logs/dovecot
View File

@ -35,3 +35,7 @@ Jul 02 13:49:32 hostname dovecot[442]: dovecot: auth(default): pam(account@MYSER
# failJSON: { "time": "2013-08-11T03:56:40", "match": true , "host": "1.2.3.4" }
2013-08-11 03:56:40 auth-worker(default): Info: pam(username,1.2.3.4): pam_authenticate() failed: Authentication failure (password mismatch?)
# failJSON: { "time": "2005-05-19T05:22:20", "match": true , "host": "80.255.3.104" }
Apr 19 05:22:20 vm5 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=informix rhost=80.255.3.104