Package: fail2ban Version: 0.8.6-3wheezy1 Severity: wishlist Hi,
Please add /etc/fail2ban/filter.d/roundcube.conf with this content: | [Definition] | | failregex = FAILED login for .*. from <HOST> | ignoreregex = Also, an entry to jail.conf disabled by default would be nice: | [roundcube] | | enabled = false | port = http,https | filter = roundcube | logpath = /var/log/roundcube/userlogins Cheers -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing'), (200, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages fail2ban depends on: ii lsb-base 4.1+Debian8 ii python 2.7.3~rc2-1 ii python-central 0.6.17 Versions of packages fail2ban recommends: ii iptables 1.4.14-3 ii python-gamin 0.1.10-4.1 ii whois 5.0.20 Versions of packages fail2ban suggests: ii heirloom-mailx [mailx] 12.5-2 -- Configuration Files: /etc/fail2ban/action.d/iptables-multiport.conf changed: [Definition] actionstart = iptables -N fail2ban-<name> iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name> actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name> iptables -F fail2ban-<name> iptables -X fail2ban-<name> actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name> actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP [Init] name = default port = ssh protocol = tcp chain = INPUT /etc/fail2ban/action.d/sendmail-whois-lines.conf changed: [Definition] actionstart = actionstop = actioncheck = actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> Date: `date -u +"%%a, %%d %%h %%Y %%T +0000"` From: Fail2Ban <<sender>> To: <dest>\n Hi,\n The IP <ip> has just been banned by Fail2Ban after <failures> attempts against <name>.\n\n Here are more information about <ip>:\n `/usr/bin/whois <ip>`\n\n Lines containing IP:<ip> in <logpath>\n `/bin/grep '\<<ip>\>' <logpath>`\n\n Regards,\n Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> actionunban = [Init] name = default dest = root sender = fail2ban logpath = /dev/null /etc/fail2ban/jail.conf changed: [DEFAULT] ignoreip = 127.0.0.1/8 bantime = 600 maxretry = 3 backend = auto destemail = root banaction = iptables-multiport mta = sendmail protocol = tcp chain = INPUT action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"] action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"] action = %(action_mwl)s [postfix] enabled = true port = smtp filter = postfix logpath = /var/log/mail.log [sasl] enabled = true port = submission filter = sasl logpath = /var/log/mail.warn [dovecot] enabled = true port = imaps,pop3s filter = dovecot logpath = /var/log/mail.info [roundcube] enabled = true port = http,https filter = roundcube logpath = /var/log/roundcube/userlogins -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org