On 18.05.2011 00:40, Iain Georgeson wrote:
> Package: mumble-server
> Version: 1.2.2-6
> Severity: minor
> Tags: patch
>
> I like to use fail2ban to monitor any network service with login capability.
> I'm using an external authenticator to make murmurd auth against LDAP,
> so I want to be sure I'm not allowing an avenue for dictionary attacks
> against it.
>
> fail2ban needs to match a single log line which contains:
> * a date
> * an IP
> * some string which shows it's a login failure (e.g. /Wrong password for
> user/)
>
> murmurd doesn't include the IP in that log message so fail2ban can't get
> the information it needs. Did this to it:
>
>
> --- src/murmur/Messages.cpp.orig 2011-05-17 23:31:54.000000000 +0100
> +++ src/murmur/Messages.cpp 2011-05-17 22:27:41.000000000 +0100
> @@ -172,7 +172,9 @@
> }
>
> if (! ok) {
> - log(uSource, QString("Rejected connection: %1").arg(reason));
> + log(uSource, QString("Rejected connection from %1: %2").
> + arg(addressToString(uSource->peerAddress(),
> + uSource->peerPort()), reason));
> MumbleProto::Reject mpr;
> mpr.set_reason(u8(reason));
> mpr.set_type(rtType);
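
Review bot: in the new log() call, `%2` is the free-text `reason`, and this line is now meant to be parsed by fail2ban, so it is worth confirming where `reason` is built and that it cannot carry client-supplied text (a user name, say), since that would let a client shape the tail of the line. That is not visible from this hunk. Keeping the address ahead of the reason, as done here, is the right order. Two smaller points: break the statement before `.arg(` rather than after the dot, and mention the changed message text in the changelog, because anything already matching "Rejected connection: " will stop matching.
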
>
>
> My fail2ban setup now looks like
>
> jail.local:
> [mumble-server]
>
> enabled = true
> port = 64738
> filter = mumble-server
> logpath = /var/log/mumble-server/mumble-server.log
>
>
> filter.d/mumble-server.conf:
> failregex = ^\<W\>.*Rejected connection from <HOST>:\d+: Wrong password for
> user$

Would you be so kind as to send the patch to upstream on github?

-- 
/*
Mit freundlichem Gruß / With kind regards,
 Patrick Matthäi
 GNU/Linux Debian Developer

E-Mail: [email protected]
        [email protected]
*/
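Added example, not part of the original messages or of the mumble or fail2ban code: a small Python check of the failregex quoted above against constructed log lines, showing that the old message format gives fail2ban nothing to act on while the patched format yields a per-address failure count. The `HOST` pattern is a simplified IPv4-only stand-in for fail2ban's `<HOST>` tag, and the log prefix layout, the sample addresses and the `maxretry` value are assumptions.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# failregex from the message above, joined back onto one line.
FAILREGEX = r"^\<W\>.*Rejected connection from <HOST>:\d+: Wrong password for user$"

# Constructed sample lines: the prefix layout is an assumption and the
# addresses come from the documentation ranges.
SAMPLE_LOG = """\
<W>2011-05-17 22:20:01.100 1 => <1:(-1)> Rejected connection: Wrong password for user
<W>2011-05-17 22:27:41.512 1 => <2:(-1)> Rejected connection from 192.0.2.10:51234: Wrong password for user
<W>2011-05-17 22:27:43.020 1 => <3:(-1)> Rejected connection from 192.0.2.10:51240: Wrong password for user
<W>2011-05-17 22:27:45.733 1 => <4:(-1)> Rejected connection from 192.0.2.10:51251: Wrong password for user
<W>2011-05-17 22:28:10.005 1 => <5:(-1)> Rejected connection from 198.51.100.7:40022: Wrong password for user
<W>2011-05-17 22:28:30.441 1 => <6:alice(3)> Authenticated
""".splitlines()


def compile_failregex(failregex):
    """Expand the <HOST> tag and compile the pattern."""
    return re.compile(failregex.replace("<HOST>", HOST))


def failures_by_host(lines, failregex=FAILREGEX):
    """Count matching login failures per source address."""
    pattern = compile_failregex(failregex)
    counts = Counter()
    for line in lines:
        match = pattern.search(line)
        if match:
            counts[match.group("host")] += 1
    return counts


def hosts_to_ban(lines, maxretry=3):
    """Addresses with at least maxretry failures (the value is illustrative)."""
    return sorted(h for h, n in failures_by_host(lines).items() if n >= maxretry)


if __name__ == "__main__":
    print(dict(failures_by_host(SAMPLE_LOG)))
    print(hosts_to_ban(SAMPLE_LOG))
```

The first sample line uses the pre-patch message and is never counted, which is the gap the patch closes.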

