Dear all!

Thanks to jraby, the sogo.log can now be used for fail2ban, even in the proxy setup. This has been implemented in feature request 2229 (http://www.sogo.nu/bugs/view.php?id=2229). Fail2ban allows banning the IPs of users who persistently (in the example 5 times) fail to log in within a certain time. The ban can be temporary or permanent, and an admin can be configured to be informed by mail. The ban is done via iptables. Setup time: ~10 min.
Have fun with fail2ban :-)
Arnd

----

The fail2ban configuration is:

1. Add sogo jail at the end of /etc/fail2ban/jail.local

>>>
[SOGo]
enabled = true
port = http,https
# in proxy-free setup this would be:
# port = 20000
filter = sogo
logpath = /var/log/sogo/sogo.log
maxretry = 5
<<<

2. Add filter: /etc/fail2ban/filter.d/sogo.conf

>>>
# /etc/fail2ban/filter.d/sogo.conf
#
# Fail2Ban configuration file
# By Arnd Brandes
# SOGo
#

[Definition]

# Option: failregex
# Filter Ban in /var/log/sogo/sogo.log
# Note: the error log may contain multiple hosts, whereas the first one
# is the client and all others are proxies. We match the first one, only

failregex = Login from '<HOST>.*' for user '.*' might not have worked

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
<<<
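An added example, not part of the original post: a Python check of the failregex above against constructed sogo.log-style lines, showing that only the first host in a proxied entry is extracted and how maxretry = 5 plays out over a time window. The `HOST` pattern is a simplified stand-in for fail2ban's `<HOST>` tag, the 600-second `FINDTIME` is an assumption (the jail above does not set it), and the function names and sample lines are made up for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4/hostname only).
HOST = r"(?P<host>[\w\-.]*\w)"
# failregex from the sogo.conf filter above, with <HOST> expanded.
FAILREGEX = re.compile(
    r"Login from '<HOST>.*' for user '.*' might not have worked".replace("<HOST>", HOST))
MAXRETRY = 5    # from the [SOGo] jail above
FINDTIME = 600  # seconds; assumed, the jail above does not set it

FAIL = ("Mar 08 10:%02d:%02d sogod [2211]: SOGoRootPage Login from '%s' "
        "for user 'alice' might not have worked - password policy: 65535")
# Constructed sample lines in the style of sogo.log (not real log data).
SAMPLE_LOG = (
    # behind a proxy: client first, proxy second; 5 failures in 32 seconds
    [FAIL % (15, 1 + 8 * i, "203.0.113.7, 127.0.0.1") for i in range(5)]
    # direct client: 5 failures, but spread over 20 minutes
    + [FAIL % (5 * i, 0, "198.51.100.4") for i in range(5)]
    + ["Mar 08 10:21:00 sogod [2211]: SOGoRootPage successful login from "
       "'198.51.100.4' for user 'alice' - expire = -1  grace = -1"]
)

def failed_host(line):
    """Return the client host of a failed-login line, or None."""
    m = FAILREGEX.search(line)
    return m.group("host") if m else None

def hosts_to_ban(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return hosts that reach maxretry failures inside a findtime window."""
    recent = defaultdict(deque)
    banned = []
    for line in lines:
        host = failed_host(line)
        if host is None:
            continue
        # The sample timestamps carry no year; a fixed one is prepended for parsing.
        ts = datetime.strptime("2024 " + line[:15], "%Y %b %d %H:%M:%S")
        window = recent[host]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry and host not in banned:
            banned.append(host)
    return banned

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))
```

To test the installed filter itself against a real log, fail2ban ships the `fail2ban-regex` tool, which takes the log file and the filter file as arguments.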
