fail2ban logs and filters for kolab 3.4 (on debian 7.8)
thomas at die-lufts.org
thomas at die-lufts.org
Tue Mar 31 01:22:49 CEST 2015
Dear Matthias,
thanks for the filters but how do I implement these in fail2ban? I know how to activate filters in fail2ban but it seems that I have to change more than one file to get the filters running?
Kind regards and thanks for the help
Thomas
Matthias Busch schrieb am 29.03.2015 04:08:
> in case you guys want to use it...
>
> here the regex filters (and log paths) for kolab 3.4 on debian 7.8
> please note, the filters seem to work but they probably are not bullet
> proof and/or the most efficient.
> feel free to make them better :)
>
> cyrus: /var/log/mail.info
> (imaps|pop3s)\[[0-9]*\]: badlogin: \[<HOST>\]
> (plain|PLAIN|login|plaintext) .*
>
> postfix: /var/log/mail.info
> postfix\/smtpd\[[0-9]*\]: warning: unknown\[<HOST>\]: SASL (PLAIN|LOGIN)
> authentication failed: authentication failure
>
> roundcube: /var/log/roundcubemails/userlogins
> <.*> Failed login for .* from <HOST> in session .*
>
> iRony: /var/log/iRony/userlogins
> Login failure for user [A-Za-z0-9 ]* from <HOST> in session .*$
>
> freebusy: not yet logging IPs
>
> chwala: /var/log/chwala/userlogins
> <.*> Login failure for user [A-Za-z0-9 ]* from <HOST> in session .*
>
> syncroton: /var/log/syncroton/userlogins
> Login failure for user [A-Za-z0-9 ]* from <HOST> in session .*$
>
> kolab-webadmin: not yet logging IPs
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users
>
More information about the users
mailing list