Hello fail2ban,
I am trying to get the roundcube filter working to no avail. Here's what I did
so far :
Here's my jail.conf
[roundcube-auth]
enabled = true
filter = roundcube-auth
port = http,https
logpath =/var/www/roundcubemail-1.2.4/logs/errors
Here's output of fail2ban-client -d | grep roundcube
root@messagerie[10.10.10.19] ~ # fail2ban-client -d | grep roundcube
WARNING 'ignoreregex' not defined in 'Definition'. Using default one: ''
WARNING 'ignoreregex' not defined in 'Definition'. Using default one: ''
['add', 'roundcube-auth', 'auto']
['set', 'roundcube-auth', 'usedns', 'warn']
['set', 'roundcube-auth', 'addlogpath',
'/var/www/roundcubemail-1.2.4/logs/errors']
['set', 'roundcube-auth', 'maxretry', 3]
['set', 'roundcube-auth', 'addignoreip', '127.0.0.1/8']
['set', 'roundcube-auth', 'addignoreip', '10.10.10.0/24']
['set', 'roundcube-auth', 'addignoreip', '172.16.0.0/16']
['set', 'roundcube-auth', 'addignoreip', '192.168.0.0/16']
['set', 'roundcube-auth', 'addignoreip', '197.201.1.66']
['set', 'roundcube-auth', 'ignorecommand', '']
['set', 'roundcube-auth', 'findtime', 600]
['set', 'roundcube-auth', 'bantime', 86400]
['set', 'roundcube-auth', 'addfailregex',
'^\\s*(\\[(\\s[+-][0-9]{4})?\\])?(\\S+ roundcube: IMAP Error)?: (FAILED
login|Login failed) for .*? from <HOST>(\\. .* in .*?/rcube_imap\\.php on line
\\d+ \\(\\S+ \\S+\\))?$']
['set', 'roundcube-auth', 'addaction', 'shorewall']
['set', 'roundcube-auth', 'actionban', 'shorewall', 'shorewall <blocktype>
<ip>']
['set', 'roundcube-auth', 'actionstop', 'shorewall', '']
['set', 'roundcube-auth', 'actionstart', 'shorewall', '']
['set', 'roundcube-auth', 'actionunban', 'shorewall', 'shorewall allow <ip>']
['set', 'roundcube-auth', 'actioncheck', 'shorewall', '']
['set', 'roundcube-auth', 'setcinfo', 'shorewall', 'blocktype', 'reject']
['start', 'roundcube-auth']
root@messagerie[10.10.10.19] ~ #
Here's output of fail2ban-regex
root@messagerie[10.10.10.19] ~ # fail2ban-regex
/var/www/roundcubemail-1.2.4/logs/errors
/etc/fail2ban/filter.d/roundcube-auth.conf
Running tests
=============
Use failregex file : /etc/fail2ban/filter.d/roundcube-auth.conf
Use log file : /var/www/roundcubemail-1.2.4/logs/errors
Results
=======
Failregex: 0 total
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [165] Day-MONTH-Year Hour:Minute:Second[.Millisecond]
`-
Lines: 165 lines, 0 ignored, 0 matched, 165 missed
Missed line(s): too many to print. Use --print-all-missed to print all 165
lines
root@messagerie[10.10.10.19] ~ #
Here's a tail on my log file
root@messagerie[10.10.10.19] ~ # tail /var/www/roundcubemail-1.2.4/logs/errors
| SCRIPTS/MAIL/stripemailaddresses.sed
[27-Mar-2018 16:47:29 +0100]: <4u50p4rv> IMAP Error: Login failed for
adel.taiebezzraimi from 41.110.64.109. AUTHENTICATE PLAIN: Authentication
failed. in /var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on
line 193 (POST /?_task=login&_action=login)
[27-Mar-2018 16:47:50 +0100]: <4u50p4rv> IMAP Error: Login failed for
adel.taiebezzra...@messagerie.mydomain.tld from 41.110.64.109. AUTHENTICATE
PLAIN: Authentication failed. in
/var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193
(POST /?_task=login&_action=login)
[27-Mar-2018 16:48:06 +0100]: <4u50p4rv> IMAP Error: Login failed for
adel.taiebezzra...@mydomain.tld from 41.110.64.109. AUTHENTICATE PLAIN:
Authentication failed. in
/var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193
(POST /?_task=login&_action=login)
[27-Mar-2018 17:12:03 +0100]: <k5ks3u4n> IMAP Error: Login failed for doz from
192.168.211.71. AUTHENTICATE PLAIN: Authentication failed. in
/var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193
(POST /?_task=login&_action=login)
[27-Mar-2018 17:31:04 +0100]: <3a6ja5m0> IMAP Error: Login failed for dza from
69.30.218.150. AUTHENTICATE PLAIN: Authentication failed. in
/var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193
(POST /?_task=login&_action=login)
[27-Mar-2018 17:32:22 +0100]: <3a6ja5m0> IMAP Error: Login failed for dza from
69.30.218.150. AUTHENTICATE PLAIN: Authentication failed. in
/var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193
(POST /?_task=login&_action=login)
[27-Mar-2018 17:32:32 +0100]: <3a6ja5m0> IMAP Error: Login failed for dza from
69.30.218.150. AUTHENTICATE PLAIN: Authentication failed. in
/var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193
(POST /?_task=login&_action=login)
[27-Mar-2018 17:32:51 +0100]: <3a6ja5m0> IMAP Error: Login failed for dza from
69.30.218.150. AUTHENTICATE PLAIN: Authentication failed. in
/var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193
(POST /?_task=login&_action=login)
[27-Mar-2018 17:33:11 +0100]: <3a6ja5m0> IMAP Error: Login failed for dza from
69.30.218.150. AUTHENTICATE PLAIN: Authentication failed. in
/var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193
(POST /?_task=login&_action=login)
[27-Mar-2018 17:34:08 +0100]: <3a6ja5m0> IMAP Error: Login failed for dza from
69.30.218.150. AUTHENTICATE PLAIN: Authentication failed. in
/var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193
(POST /?_task=login&_action=login)
root@messagerie[10.10.10.19] ~ #
What am I missing ?
Yassine
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
