github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Updated fail2ban config for Group-Office 6.7+

pull/3706/head
Merijn Schering 2024-03-26 09:28:49 +01:00
parent 91a37b5e49
commit f3510fe863
5 changed files with 23 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
config/filter.d/groupoffice-lost-password.conf Normal file
View File

@ -0,0 +1,7 @@
# Fail2Ban filter for Group-Office lost password requests
# logpath must be the webserver error log
[Definition]
failregex = Lost password request from IP: '<HOST>'$
ignoreregex =

2
config/filter.d/groupoffice.conf
View File

@ -1,4 +1,4 @@
# Fail2Ban filter for Group-Office
# Fail2Ban filter for Group-Office authentication failures
# logpath must be the webserver error log
[Definition]

8
config/jail.conf
View File

@ -450,7 +450,13 @@ logpath = /var/log/horde/horde.log
[groupoffice]
port = http,https
logpath = /home/groupoffice/log/info.log
logpath = /var/log/apache2/error.log
[groupoffice-lost-password]
port = http,https
logpath = /var/log/apache2/error.log
maxretry = 100
[sogo-auth]

8
fail2ban/tests/files/logs/groupoffice
View File

@ -1,4 +1,4 @@
# failJSON: { "time": "2014-01-06T10:59:38", "match": true, "host": "127.0.0.1" }
[2014-01-06 10:59:38]LOGIN FAILED for user: "asdsad" from IP: 127.0.0.1
# failJSON: { "time": "2014-01-06T10:59:49", "match": false, "host": "127.0.0.1" }
[2014-01-06 10:59:49]LOGIN SUCCESS for user: "admin" from IP: 127.0.0.1
# failJSON: { "time": "2024-03-26T07:59:08", "match": true, "host": "192.168.65.1" }
localhost [Tue Mar 26 07:59:08 2024] [notice] [pid 1662] [client 192.168.65.1:17672] Password authentication failed for 'johndoe' from IP: '192.168.65.1'
# failJSON: { "time": "2024-03-26T08:17:24", "match": false, "host": "192.168.65.1" }
localhost [Tue Mar 26 08:17:24 2024] [notice] [pid 90] [client 192.168.65.1:17733] Lost password request from IP: '192.168.65.1'

4
fail2ban/tests/files/logs/groupoffice-lost-password Normal file
View File

@ -0,0 +1,4 @@
# failJSON: { "time": "2024-03-26T07:59:08", "match": false, "host": "192.168.65.1" }
localhost [Tue Mar 26 07:59:08 2024] [notice] [pid 1662] [client 192.168.65.1:17672] Password authentication failed for 'johndoe' from IP: '192.168.65.1'
# failJSON: { "time": "2024-03-26T08:17:24", "match": true, "host": "192.168.65.1" }
localhost [Tue Mar 26 08:17:24 2024] [notice] [pid 90] [client 192.168.65.1:17733] Lost password request from IP: '192.168.65.1'