On 05/01/2015 01:24 AM, Ralph Plawetzki wrote:
> Hi,
>
> when you set the parameter 'log_logins' to true in your Roundcube
> configuration file, Roundcube logs failed logins to
> <roundcubemail_installation_dir>/logs/userlogins.
> See
> https://github.com/roundcube/roundcubemail/blob/1.0.5/config/defaults.inc.php#L83-84
By default, that is false - whereas by default the failed logins are
already being logged to logs/errors. It seems like the default for
fail2ban should match that and use logs/errors instead of relying on a
non-default configuration change, imho.
>
> For me to get fail2ban catch failed logins with newer versions of
> Roundcube, I had to update the filter in
> /etc/fail2ban/filter.d/roundcube-auth.conf too:
>
> #failregex = ^\s*(\[(\s[+-][0-9]{4})?\])?(%(__hostname)s roundcube:
> IMAP Error)?: (FAILED login|Login failed) for .*? from <HOST>(\. .* in
> .*?/rcube_imap\.php on line \d+ \(\S+ \S+\))?$
> failregex = Failed login for .*? from <HOST>
>
> Regards,
> Ralph
>
> 2015-04-30 20:10 GMT+02:00 Lee Clemens <[email protected]>:
>> Hi All,
>>
>> I was hoping for some feedback regarding the roundcube-auth jail.
>>
>> It currently uses logpath = /var/log/roundcube/userlogins
>>
>> The only reference I can find to this log file is from the instructions
>> to install the fail2ban plugin for roundcube from 2009.
>>
>> I'm using 1.0.5 (CentOS 6) now (1.1.1 is latest) and login errors are
>> logged to /var/log/roundcubemail/errors. I assume at some point log in
>> failures were not logged at all, creating the need for the fail2ban
>> plugin...which seems no longer necessary.
>>
>> I'd like to change the default logpath for this jail from the one
>> referenced by a very old and seemingly no longer necessary plugin to
>> that of roundcube itself (/var/log/roundcubemail/errors), but wanted
>> some feedback first (particularly from people on other platforms).
>>
>> Thanks,
>> Lee Clemens
>>
>> ------------------------------------------------------------------------------
>> One dashboard for servers and applications across Physical-Virtual-Cloud
>> Widest out-of-the-box monitoring support with 50+ applications
>> Performance metrics, stats and reports that give you Actionable Insights
>> Deep dive visibility with transaction tracing using APM Insight.
>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>> _______________________________________________
>> Fail2ban-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
