github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge 3b3a9676af into 86b9adb2f5

pull/3707/merge
Merijn Schering 2025-06-23 12:43:53 +00:00 committed by GitHub
parent 86b9adb2f5 3b3a9676af
commit d5f18524c7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 25 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
config/filter.d/groupoffice-lost-password.conf Normal file
View File

@ -0,0 +1,7 @@
# Fail2Ban filter for Group-Office lost password requests
# logpath must be the webserver error log
[Definition]
failregex = Lost password request from IP: '<HOST>'
ignoreregex =

13
config/filter.d/groupoffice.conf
View File

@ -1,14 +1,7 @@
# Fail2Ban filter for Group-Office
#
# Enable logging with:
# $config['info_log']='/home/groupoffice/log/info.log';
#
# Fail2Ban filter for Group-Office authentication failures
# logpath must be the webserver error log
[Definition]
failregex = ^\[\]LOGIN FAILED for user: "\S+" from IP: <HOST>$
failregex = Password authentication failed for '\S+' from IP: '<HOST>'
ignoreregex =
# Author: Daniel Black

8
config/jail.conf
View File

@ -450,7 +450,13 @@ logpath = /var/log/horde/horde.log
[groupoffice]
port = http,https
logpath = /home/groupoffice/log/info.log
logpath = /var/log/apache2/error.log
[groupoffice-lost-password]
port = http,https
logpath = /var/log/apache2/error.log
maxretry = 100
[sogo-auth]

8
fail2ban/tests/files/logs/groupoffice
View File

@ -1,4 +1,4 @@
# failJSON: { "time": "2014-01-06T10:59:38", "match": true, "host": "127.0.0.1" }
[2014-01-06 10:59:38]LOGIN FAILED for user: "asdsad" from IP: 127.0.0.1
# failJSON: { "time": "2014-01-06T10:59:49", "match": false, "host": "127.0.0.1" }
[2014-01-06 10:59:49]LOGIN SUCCESS for user: "admin" from IP: 127.0.0.1
# failJSON: { "time": "2024-03-26T07:59:08", "match": true, "host": "192.168.65.1" }
localhost [Tue Mar 26 07:59:08 2024] [notice] [pid 1662] [client 192.168.65.1:17672] Password authentication failed for '192.168.100.100' from IP: '192.168.65.1'
# failJSON: { "time": "2024-03-26T08:17:24", "match": false, "host": "192.168.65.1" }
localhost [Tue Mar 26 08:17:24 2024] [notice] [pid 90] [client 192.168.65.1:17733] Lost password request from IP: '192.168.65.1'

4
fail2ban/tests/files/logs/groupoffice-lost-password Normal file
View File

@ -0,0 +1,4 @@
# failJSON: { "time": "2024-03-26T07:59:08", "match": false, "host": "192.168.65.1" }
localhost [Tue Mar 26 07:59:08 2024] [notice] [pid 1662] [client 192.168.65.1:17672] Password authentication failed for 'johndoe' from IP: '192.168.65.1'
# failJSON: { "time": "2024-03-26T08:17:24", "match": true, "host": "192.168.65.1" }
localhost [Tue Mar 26 08:17:24 2024] [notice] [pid 90] [client 192.168.65.1:17733] Lost password request from IP: '192.168.65.1'