Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1058 from jomu78/master
add froxlor-auth filter and jail
- Loading branch information
Showing
4 changed files
with
51 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| # Fail2Ban configuration file to block repeated failed login attempts to Frolor installation(s) | ||
| # | ||
| # Froxlor needs to log to Syslog User (e.g. /var/log/user.log) with one of the following messages | ||
| # <syslog prefix> Froxlor: [Login Action <HOST>] Unknown user '<USER>' tried to login. | ||
| # <syslog prefix> Froxlor: [Login Action <HOST>] User '<USER>' tried to login with wrong password. | ||
| # | ||
| # Author: Joern Muehlencord | ||
| # | ||
|
|
||
| [INCLUDES] | ||
|
|
||
| # Read common prefixes. If any customizations available -- read them from | ||
| # common.local | ||
| before = common.conf | ||
|
|
||
|
|
||
| [Definition] | ||
|
|
||
| _daemon = Froxlor | ||
|
|
||
| # Option: failregex | ||
| # Notes.: regex to match the password failures messages in the logfile. The | ||
| # host must be matched by a group named "host". The tag "<HOST>" can | ||
| # be used for standard IP/hostname matching and is only an alias for | ||
| # (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) | ||
| # Values: TEXT | ||
| # | ||
| failregex = ^%(__prefix_line)s\[Login Action <HOST>\] Unknown user \S* tried to login.$ | ||
| ^%(__prefix_line)s\[Login Action <HOST>\] User \S* tried to login with wrong password.$ | ||
|
|
||
|
|
||
| # Option: ignoreregex | ||
| # Notes.: regex to ignore. If this regex matches, the line is ignored. | ||
| # Values: TEXT | ||
| # | ||
| ignoreregex = | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| # failJSON: { "time": "2005-05-21T00:56:27", "match": true , "host": "1.2.3.4" } | ||
| May 21 00:56:27 jomu Froxlor: [Login Action 1.2.3.4] Unknown user 'user' tried to login. | ||
| # failJSON: { "time": "2005-05-21T00:57:38", "match": true , "host": "1.2.3.4" } | ||
| May 21 00:57:38 jomu Froxlor: [Login Action 1.2.3.4] User 'admin' tried to login with wrong password. | ||
|
|