fail2ban logs and filters for kolab 3.4 on Ubuntu
David Cowan
david at quagmire.ca
Fri Jul 17 08:45:39 CEST 2015
One more for the script kiddies :)
Copy it into /etc/fail2ban/filter.d/apache-noscript.conf
failregex = client <HOST>.*?client denied by server configuration
client <HOST>.*?not found or unable to stat
then go to /etc/fail2ban/jail.local and turn it on : apache-noscript = true
test it with :
root at yourterminal:# fail2ban-regex '/var/log/apache2/error.log'
'/etc/fail2ban/filter.d/apache-noscript.conf'
these regexs parse /var/log/apache2/error.log
Works on Ubuntu 14, should work on Debian.
Regards
On 15-03-28 07:08 PM, Matthias Busch wrote:
> in case you guys want to use it...
>
> here the regex filters (and log paths) for kolab 3.4 on debian 7.8
> please note, the filters seem to work but they probably are not bullet
> proof and/or the most efficient.
> feel free to make them better :)
>
> cyrus: /var/log/mail.info
> (imaps|pop3s)\[[0-9]*\]: badlogin: \[<HOST>\]
> (plain|PLAIN|login|plaintext) .*
>
> postfix: /var/log/mail.info
> postfix\/smtpd\[[0-9]*\]: warning: unknown\[<HOST>\]: SASL
> (PLAIN|LOGIN) authentication failed: authentication failure
>
> roundcube: /var/log/roundcubemails/userlogins
> <.*> Failed login for .* from <HOST> in session .*
>
> iRony: /var/log/iRony/userlogins
> Login failure for user [A-Za-z0-9 ]* from <HOST> in session .*$
>
> freebusy: not yet logging IPs
>
> chwala: /var/log/chwala/userlogins
> <.*> Login failure for user [A-Za-z0-9 ]* from <HOST> in session .*
>
> syncroton: /var/log/syncroton/userlogins
> Login failure for user [A-Za-z0-9 ]* from <HOST> in session .*$
>
> kolab-webadmin: not yet logging IPs
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users
More information about the users
mailing list