diff --git a/ChangeLog b/ChangeLog
index a6a6ab23..4139dfe1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -36,6 +36,8 @@ ver. 0.8.11 (2013/XX/XXX) - loves-unittests Daniel Black * filter.d/exim-spam.conf -- a splitout of exim's spam regexes with additions for greater control over filtering spam. + Christophe Carles & Daniel Black + * filter.d/perdition.conf -- filter added - Enhancements: Daniel Black * filter.d/{asterisk,assp,dovecot,proftpd}.conf -- regex hardening
diff --git a/THANKS b/THANKS
index af790f67..b853c0dc 100644
--- a/THANKS
+++ b/THANKS
@@ -11,6 +11,7 @@ Axel Thimm Bill Heaton Carlos Alberto Lopez Perez Christian Rauch +Christophe Carles Christoph Haas Christos Psonis Daniel B. Cid
diff --git a/config/filter.d/perdition.conf b/config/filter.d/perdition.conf
new file mode 100644
index 00000000..e7cb0f7d
--- /dev/null
+++ b/config/filter.d/perdition.conf
@@ -0,0 +1,16 @@
+# Fail2Ban configuration file
+#
+# Author: Christophe Carles and Daniel Black
+#
+#
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon=perdition.imaps
+
+failregex = ^%(__prefix_line)sAuth: :\d+->(\d{1,3}\.){3}\d{1,3}:\d+ client-secure=\S+ authorisation_id=NONE authentication_id="\S+" server="\S+" protocol=\S+ server-secure=\S+ status="failed: Re-Authentication Failure"$
+ ^%(__prefix_line)sFatal Error reading authentication information from client :\d+->(\d{1,3}\.){3}\d{1,3}:\d+: Exiting child$
diff --git a/testcases/files/logs/perdition b/testcases/files/logs/perdition
new file mode 100644
index 00000000..2304e372
--- /dev/null
+++ b/testcases/files/logs/perdition
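Review bot: In config/filter.d/perdition.conf the first `failregex` matches the client-supplied login name with `authentication_id="\S+"`, so a failure whose name contains whitespace (assuming perdition logs it verbatim) is never counted toward a ban. `authentication_id=".+"` closes that gap without widening what can be captured, because the pattern is anchored at `^` and `$` and the client address is matched before that field. `_daemon=perdition.imaps` also restricts the filter to the IMAPS listener, so failures logged by perdition's other listeners would presumably go uncounted; `_daemon=perdition\.\S+` would cover them and escape the dot. As rendered on this page neither pattern shows a `<HOST>` tag before `:\d+->`, which is probably an extraction artifact but should be confirmed against the file, since the sample lines in testcases/files/logs/perdition carry an address at that position.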
@@ -0,0 +1,4 @@
+# failJSON: { "time": "2013-07-18T16:07:18", "match": true , "host": "192.168.8.100" }
+Jul 18 16:07:18 ares perdition.imaps[3194]: Auth: 192.168.8.100:2274->193.48.191.9:993 client-secure=ssl authorisation_id=NONE authentication_id="carles" server="imap.biotoul.fr:993" protocol=IMAP4S server-secure=ssl status="failed: Re-Authentication Failure"
+# failJSON: { "time": "2013-07-18T16:08:58", "match": true , "host": "192.168.8.100" }
+Jul 18 16:08:58 ares perdition.imaps[3194]: Fatal Error reading authentication information from client 192.168.8.100:2274->193.48.191.9:993: Exiting child
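Review bot: Both sample lines in testcases/files/logs/perdition look as if they were copied from a live system: they carry a server name (`imap.biotoul.fr`), a public-range address (`193.48.191.9`) and an account name (`carles`). Fixtures shipped with the project are better anonymised with reserved values, for example `server="imap.example.com:993"`, `authentication_id="user"` and a documentation-range address such as `192.0.2.9`. The `host` expected by each `failJSON` line is `192.168.8.100`, so the expectations would not change. Both samples are positive matches; adding a successful `Auth:` line marked `"match": false` would show that the filter does not count normal logins.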