Package: fail2ban
Version: 0.8.6-3wheezy1
Severity: wishlist
Hi,
Please add /etc/fail2ban/filter.d/roundcube.conf with this content:
| [Definition]
|
| failregex = FAILED login for .*. from <HOST>
| ignoreregex =
Also, an entry to jail.conf disabled by default would be nice:
| [roundcube]
|
| enabled = false
| port = http,https
| filter = roundcube
| logpath = /var/log/roundcube/userlogins
Cheers
-- System Information:
Debian Release: 7.0
APT prefers testing
APT policy: (500, 'testing'), (200, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages fail2ban depends on:
ii lsb-base 4.1+Debian8
ii python 2.7.3~rc2-1
ii python-central 0.6.17
Versions of packages fail2ban recommends:
ii iptables 1.4.14-3
ii python-gamin 0.1.10-4.1
ii whois 5.0.20
Versions of packages fail2ban suggests:
ii heirloom-mailx [mailx] 12.5-2
-- Configuration Files:
/etc/fail2ban/action.d/iptables-multiport.conf changed:
[Definition]
actionstart = iptables -N fail2ban-<name>
iptables -I <chain> -p <protocol> -m multiport --dports <port> -j
fail2ban-<name>
actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j
fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
[Init]
name = default
port = ssh
protocol = tcp
chain = INPUT
/etc/fail2ban/action.d/sendmail-whois-lines.conf changed:
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip>
Date: `date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here are more information about <ip>:\n
`/usr/bin/whois <ip>`\n\n
Lines containing IP:<ip> in <logpath>\n
`/bin/grep '\<<ip>\>' <logpath>`\n\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
actionunban =
[Init]
name = default
dest = root
sender = fail2ban
logpath = /dev/null
/etc/fail2ban/jail.conf changed:
[DEFAULT]
ignoreip = 127.0.0.1/8
bantime = 600
maxretry = 3
backend = auto
destemail = root
banaction = iptables-multiport
mta = sendmail
protocol = tcp
chain = INPUT
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s",
protocol="%(protocol)s", chain="%(chain)s"]
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s",
protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois[name=%(__name__)s, dest="%(destemail)s",
protocol="%(protocol)s", chain="%(chain)s"]
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s",
protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s",
logpath=%(logpath)s, chain="%(chain)s"]
action = %(action_mwl)s
[postfix]
enabled = true
port = smtp
filter = postfix
logpath = /var/log/mail.log
[sasl]
enabled = true
port = submission
filter = sasl
logpath = /var/log/mail.warn
[dovecot]
enabled = true
port = imaps,pop3s
filter = dovecot
logpath = /var/log/mail.info
[roundcube]
enabled = true
port = http,https
filter = roundcube
logpath = /var/log/roundcube/userlogins
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
