Squirrelmail filter and M/d/Y H:m:s date format #261

Closed
sblantipodi opened this issue Jun 17, 2013 · 8 comments

@sblantipodi

Hi,

Found a match for u' [LOGIN_ERROR] N/A (mydomain.org) from 151.64.61.62: Unknown user or password incorrect.\n' but no valid date/time found for u'06/17/2013 22:48:46'.

After an update on CentOS 6.4 running fail2ban fail2ban-0.8.8-3.el6.src.rpm
I noticed that fail2ban is not banning anyone anymore.

If I test the regex, for example:

```
fail2ban-regex /var/lib/squirrelmail/prefs/squirrelmail_access_log /etc/fail2ban/filter.d/squirrelmail.conf
```

I get this message:

```
Found a match for u' [LOGIN_ERROR] N/A (mydomain.org) from 151.64.61.62: Unknown user or password incorrect.\n' but no valid date/time found for u'06/17/2013 22:48:46'. Please file a detailed issue on https://github.com/fail2ban/fail2ban/issues in order to get support for this format.
```

Is there someone who can help please?
Thanks.

@sblantipodi
Author

I solved it by adding this:

```python
# My date detector
template = DateStrptime()
template.setName("Month/Day/Year Hour:Minute:Second")
template.setRegex("\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}")
template.setPattern("%m/%d/%Y %H:%M:%S")
self.__templates.append(template)
```

here:
/usr/share/fail2ban/server/datedetector.py

@grooverdan
Contributor

given "Day/Month/Year Hour:Minute:Second" has the same regex I don't think we can include this. Is it possible to configure the squirrelmail date logging format?

Regardless of the date format would you like to contribute a filter for squirrelmail with some sample logs of error messages?
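
The ambiguity raised in the comment above, as an added example that is not part of the original thread or of fail2ban's code: it parses timestamps under both orderings and shows how the wrong choice ages a fresh login failure out of a ban window. The helper names, the `07/06/2013` and other sample stamps, and the 600-second window are assumptions made for the illustration; only `06/17/2013 22:48:46` comes from the report.

```python
from datetime import datetime, timedelta

MDY = "%m/%d/%Y %H:%M:%S"  # ordering SquirrelMail wrote in the report
DMY = "%d/%m/%Y %H:%M:%S"  # ordering matched by the very same regex


def parse_both(stamp):
    """Return (mdy, dmy) datetimes; None where that ordering rejects the stamp."""
    parsed = []
    for fmt in (MDY, DMY):
        try:
            parsed.append(datetime.strptime(stamp, fmt))
        except ValueError:
            parsed.append(None)
    return tuple(parsed)


def classify(stamp):
    """Say whether a stamp can be pinned to one ordering by its digits alone."""
    mdy, dmy = parse_both(stamp)
    if mdy and dmy:
        return "same" if mdy == dmy else "ambiguous"
    if mdy:
        return "mdy-only"
    if dmy:
        return "dmy-only"
    return "invalid"


def within_window(event, now, findtime=600):
    """Simplified age check (assumed 600 s window): is the failure recent enough?"""
    return now - event <= timedelta(seconds=findtime)


if __name__ == "__main__":
    # Constructed samples, except the first, which is the stamp from the report.
    for s in ("06/17/2013 22:48:46", "07/06/2013 22:48:46", "06/06/2013 10:00:00"):
        print(s, "->", classify(s))
    # A failure logged on July 6 (MDY), checked just over a minute later.
    now = datetime(2013, 7, 6, 22, 50, 0)
    mdy, dmy = parse_both("07/06/2013 22:48:46")
    print("MDY counted:", within_window(mdy, now))  # recent failure
    print("DMY counted:", within_window(dmy, now))  # read as June 7, a month old
```

Only stamps with a day above 12 identify their ordering from the digits; for the rest, a detector that picks the wrong template parses without error and the failure is dropped as too old.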

@yarikoptic
Member

#214 could be of help if custom date template would be specified for the jail

@sblantipodi
Author

@grooverdan yes, it is possible to configure the squirrelmail logging format but it is not so fast and I prefer to not change its default logging.
I have found this guide after I found a solution to the problem but I think that this is what you are searching for:
http://www.howtoforge.com/configuring-fail2ban-with-squirrelmail-on-centos-5.3-ispconfig-3

@kwirk
Contributor

kwirk commented Jun 18, 2013

#214 is a good application for this 😄

@yarikoptic
Member

yeap -- and #214 is merged already in 0.9... I am keeping this issue open though until we finalize resolution for postmerge discussion #214 (comment) which should resolve this issue entirely while removing ambiguity between Day/Month and Month/Day

@grooverdan
Contributor

for when date format is resolved

https://github.com/grooverdan/fail2ban/tree/squirrelmail

@grooverdan
Contributor

closed as per #579
