fail2ban logs and filters for kolab 3.4 on Ubuntu

David Cowan david at quagmire.ca
Fri Jul 17 08:45:39 CEST 2015


One more for the script kiddies :)

Copy it into /etc/fail2ban/filter.d/apache-noscript.conf

failregex = client <HOST>.*?client denied by server configuration
                     client <HOST>.*?not found or unable to stat

then go to /etc/fail2ban/jail.local and turn it on : apache-noscript = true

test it with :

root at yourterminal:# fail2ban-regex '/var/log/apache2/error.log' 
'/etc/fail2ban/filter.d/apache-noscript.conf'

these regexs parse /var/log/apache2/error.log

Works on Ubuntu 14, should work on Debian.

Regards





On 15-03-28 07:08 PM, Matthias Busch wrote:
> in case you guys want to use it...
>
> here the regex filters (and log paths) for kolab 3.4 on debian 7.8
> please note, the filters seem to work but they probably are not bullet 
> proof and/or the most efficient.
> feel free to make them better :)
>
> cyrus: /var/log/mail.info
> (imaps|pop3s)\[[0-9]*\]: badlogin: \[<HOST>\] 
> (plain|PLAIN|login|plaintext) .*
>
> postfix: /var/log/mail.info
> postfix\/smtpd\[[0-9]*\]: warning: unknown\[<HOST>\]: SASL 
> (PLAIN|LOGIN) authentication failed: authentication failure
>
> roundcube: /var/log/roundcubemails/userlogins
> <.*> Failed login for .* from <HOST> in session .*
>
> iRony: /var/log/iRony/userlogins
> Login failure for user [A-Za-z0-9 ]* from <HOST> in session .*$
>
> freebusy: not yet logging IPs
>
> chwala: /var/log/chwala/userlogins
> <.*> Login failure for user [A-Za-z0-9 ]* from <HOST> in session .*
>
> syncroton: /var/log/syncroton/userlogins
> Login failure for user [A-Za-z0-9 ]* from <HOST> in session .*$
>
> kolab-webadmin: not yet logging IPs
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users



More information about the users mailing list