ENH: new filter perdition.conf

ChangeLog

@@ -36,6 +36,8 @@ ver. 0.8.11 (2013/XX/XXX) - loves-unittests
   Daniel Black
    * filter.d/exim-spam.conf -- a splitout of exim's spam regexes
      with additions for greater control over filtering spam.
+  Christophe Carles & Daniel Black
+   * filter.d/perdition.conf -- filter added
 - Enhancements:
   Daniel Black
    * filter.d/{asterisk,assp,dovecot,proftpd}.conf -- regex hardening

THANKS

@@ -11,6 +11,7 @@ Axel Thimm
 Bill Heaton
 Carlos Alberto Lopez Perez
 Christian Rauch
+Christophe Carles
 Christoph Haas
 Christos Psonis
 Daniel B. Cid

config/filter.d/perdition.conf

@@ -0,0 +1,16 @@
+# Fail2Ban configuration file
+#
+# Author: Christophe Carles and Daniel Black
+#
+#
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon=perdition.imaps
+
+failregex = ^%(__prefix_line)sAuth: <HOST>:\d+->(\d{1,3}\.){3}\d{1,3}:\d+ client-secure=\S+ authorisation_id=NONE authentication_id="\S+" server="\S+" protocol=\S+ server-secure=\S+ status="failed: Re-Authentication Failure"$
+            ^%(__prefix_line)sFatal Error reading authentication information from client <HOST>:\d+->(\d{1,3}\.){3}\d{1,3}:\d+: Exiting child$

testcases/files/logs/perdition

@@ -0,0 +1,4 @@
+# failJSON: { "time": "2013-07-18T16:07:18", "match": true , "host": "192.168.8.100" }
+Jul 18 16:07:18 ares perdition.imaps[3194]: Auth: 192.168.8.100:2274->193.48.191.9:993 client-secure=ssl authorisation_id=NONE authentication_id="carles" server="imap.biotoul.fr:993" protocol=IMAP4S server-secure=ssl status="failed: Re-Authentication Failure"
+# failJSON: { "time": "2013-07-18T16:08:58", "match": true , "host": "192.168.8.100" }
+Jul 18 16:08:58 ares perdition.imaps[3194]: Fatal Error reading authentication information from client 192.168.8.100:2274->193.48.191.9:993: Exiting child