mirror of https://github.com/fail2ban/fail2ban
Merge pull request #1264 from rbrownwsws/master
Added filter and jail for murmur/mumble-server.pull/1272/merge
commit
edcbdf6eab
|
@ -41,6 +41,10 @@ ver. 0.9.4 (2015/XX/XXX) - wanna-be-released
|
|||
rest api and web interface (gh-1223)
|
||||
- nginx-limit-req - ban hosts, that were failed through nginx by limit
|
||||
request processing rate (ngx_http_limit_req_module)
|
||||
- murmur - ban hosts that repeatedly attempt to connect to
|
||||
murmur/mumble-server with an invalid server password or certificate.
|
||||
* New jails:
|
||||
- murmur - bans TCP and UDP from the bad host on the default murmur port.
|
||||
* sshd filter got new failregex to match "maximum authentication
|
||||
attempts exceeded" (introduced in openssh 6.8)
|
||||
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
# Fail2Ban filter for murmur/mumble-server
|
||||
#
|
||||
|
||||
[INCLUDES]
|
||||
|
||||
before = common.conf
|
||||
|
||||
|
||||
[Definition]
|
||||
|
||||
_daemon = murmurd
|
||||
|
||||
# N.B. If you allow users to have usernames that include the '>' character you
|
||||
# should change this to match the regex assigned to the 'username'
|
||||
# variable in your server config file (murmur.ini / mumble-server.ini).
|
||||
_usernameregex = [^>]+
|
||||
|
||||
_prefix = <W>[\n\s]*(\.\d{3})?\s+\d+ => <\d+:%(_usernameregex)s\(-1\)> Rejected connection from <HOST>:\d+:
|
||||
|
||||
failregex = ^%(_prefix)s Invalid server password$
|
||||
^%(_prefix)s Wrong certificate or password for existing user$
|
||||
|
||||
ignoreregex =
|
||||
|
||||
|
||||
# DEV Notes:
|
||||
#
|
||||
# Author: Ross Brown
|
|
@ -821,3 +821,12 @@ returntype = DROP
|
|||
bantime = 3600
|
||||
maxretry = 1
|
||||
findtime = 1
|
||||
|
||||
|
||||
[murmur]
|
||||
# AKA mumble-server
|
||||
port = 64738
|
||||
filter = murmur
|
||||
action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol=tcp, chain="%(chain)s", actname=%(banaction)s-tcp]
|
||||
%(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol=udp, chain="%(chain)s", actname=%(banaction)s-udp]
|
||||
logpath = /var/log/mumble-server/mumble-server.log
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
# failJSON: { "time": "2015-11-29T16:38:01", "match": true , "host": "192.168.0.1" }
|
||||
<W>2015-11-29 16:38:01.818 1 => <4:testUsernameOne(-1)> Rejected connection from 192.168.0.1:29530: Invalid server password
|
||||
|
||||
# failJSON: { "time": "2015-11-29T17:18:20", "match": true , "host": "192.168.1.2" }
|
||||
<W>2015-11-29 17:18:20.962 1 => <8:testUsernameTwo(-1)> Rejected connection from 192.168.1.2:29761: Wrong certificate or password for existing user
|
Loading…
Reference in New Issue