Hi,
Le 2015-06-04 13:27, Kamaldeep Singh a écrit :
Hi All,
I was trying to set up the fail2ban on centos 6 for our SOGO server.
I have enabled the rule in jail.local file. But it does not block
any ip if anyone attempt to login with wrong password. Can you help
me in that?
Below is the entry of jail.local and filter file.
-- JAIL.LOCAL
================================================================
[sogo-iptables]
enabled = true
filter = sogo-auth
# without proxy this would be:
# port = 20000
action = iptables-multiport[name=SOGo, port="http,https"]
logpath = /var/log/sogo/sogo.log
================================================================
-- SOGO-AUTH.CONF
================================================================
# Fail2ban filter for SOGo authentcation
#
# Log file usually in /var/log/sogo/sogo.log
[Definition]
failregex = ^ sogod \[\d+\]: SOGoRootPage Login from '<HOST>' for user
'.*' might not have worked( - password policy: \d* grace: -?\d* expire:
-?\d* bound: -?\d*)?\s*$
I don't think that there should be a space between "sogod" and "\[".
Also, I don't remember the syntax of SOGo's log files, but I doubt that
your lines start with the string " sogod"; in doubt, I would replace
this initial space with ".*"…
Just to be sure:
— either your lines end with "…might not have worked" (with some spaces
possible at the end),
— or they end with "…have worked( - password …)" (with some spaces
possible at the end).
Strange that there are two different formats…
Regards,
Yves.
ignoreregex =
#
# DEV Notes:
#
# The error log may contain multiple hosts, whereas the first one
# is the client and all others are poxys. We match the first one, only
#
# Author: Arnd Brandes
================================================================
Thanks,
Kamaldeep Singh
--
Kamaldeep Singh
System Administrator
Direct: +91 124 4548380
Tel: +91 124 4548383 Ext- 1007
UK: +44 845 0047 142 Ext- 5010
Techblue Software Pvt. Ltd
The Palms, Plot No 73, Sector 5, IMT Manesar,
Gurgaon- 122050 (Hr.)
www.techbluesoftware.co.in
------------------------------------------------------------------------------
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
