diff --git a/config/filter.d/slapd.conf b/config/filter.d/slapd.conf
index 9a4e14c5..0af6a4ea 100644
--- a/config/filter.d/slapd.conf
+++ b/config/filter.d/slapd.conf
@@ -3,9 +3,17 @@
 # Detecting invalid credentials: error code 49
 # http://www.openldap.org/doc/admin24/appendix-ldap-result-codes.html#invalidCredentials (49)
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
 [Definition]
-failregex = ^.* conn=(?P\d+) fd=\d+ ACCEPT from IP=\:\d+ .+$^.+ conn=(?P=pid) .* RESULT .* err=49 .*$
+_daemon = slapd
+
+failregex = ^(?P<__prefix>%(__prefix_line)s).* conn=(?P\d+) fd=\d+ ACCEPT from IP=\:\d+ .+$(?P=__prefix).+ conn=(?P=pid) .* RESULT .* err=49 .*$
 ignoreregex =
diff --git a/fail2ban/tests/files/logs/slapd b/fail2ban/tests/files/logs/slapd
index c4758dfb..db7cda87 100644
--- a/fail2ban/tests/files/logs/slapd
+++ b/fail2ban/tests/files/logs/slapd
@@ -10,7 +10,7 @@ Jul 8 01:47:19 ldap-server slapd[1183]: conn=1022 op=0 STARTTLS
 Jul 8 01:47:19 ldap-server slapd[1183]: conn=1022 op=0 RESULT oid= err=1 text=TLS already started
 # failJSON: { "match": false }
 Jul 8 01:47:20 ldap-server slapd[1183]: conn=1022 op=1 BIND dn="uid=gipson,ou=people,dc=example,dc=com" method=128
-# failJSON: { "time": "2016-07-08T01:47:20", "match": true , "host": "8.8.8.8", "desc": "Multiline match for invalid credentials" }
+# failJSON: { "time": "2005-07-08T01:47:20", "match": true , "host": "8.8.8.8", "desc": "Multiline match for invalid credentials" }
 Jul 8 01:47:20 ldap-server slapd[1183]: conn=1022 op=1 RESULT tag=97 err=49 text=
 # failJSON: { "match": false }
 Jul 8 01:47:20 ldap-server slapd[1183]: conn=1022 op=2 UNBIND
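Review bot: The new `failregex` anchors on `%(__prefix_line)s` but keeps `.* conn=` in the ACCEPT half and `.+ conn=` after `(?P=__prefix)` in the RESULT half, so the `conn=… ACCEPT from IP=` text can still sit anywhere in the message instead of directly after the syslog prefix. slapd writes client-supplied values into its lines (the bind DN in the test log is one), and a loose wildcard lets text inside such a field satisfy the pattern, so the filter could act on an address that did not come from the real connection record. Assuming `__prefix_line` in common.conf already consumes the whitespace after the daemon tag, I would drop both wildcards, giving `(?P<__prefix>%(__prefix_line)s)conn=` and `(?P=__prefix)conn=`, and narrow the tail `.* RESULT .* err=49 .*$` to the fields slapd emits between `op=` and `err=`. A one-line comment above `_daemon = slapd` saying that it feeds the prefix pattern from common.conf would also help, if that is its role.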