Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
add fail2ban jails for ownCloud, postfix submission, roundcube, and the Mail-in-a-Box management daemon #798
referenced this pull request
Apr 13, 2016
Only had a few minutes here and there the past couple of days to look into this. I set up a second server next to my test box and tried running the script. I had some problems with running it without a shebang at first. Got it working by calling it directly via the python3 interpreter. It isn't able to connect to my server, might be a firewall issue.
I will have a look at this hopefully this week.
Regarding the removal of jail.local. I looked into running a hash, but the deployed file is modified with the users ip address. So we somehow have to detect that we are upgrading. We could do this later on, since currently the file is already being overwritten after every release.
I am focussing on the first failing test; smtp (Ran from a separate server)
If i run:
I see the hits, but no banning of the IP.
The configuration dump with fail2ban-client -d
The effective merged configuration looks okay. I did test this manually by rentering a wrong password in Mail for MacOS. That resulted in a ban:
It does hit 2 tries with every login, there are indistinguishable items in the log. I also compared the log items for the test script with the manual test and I couldn't detect any differences.
So the filter does work with a manual test, but not with the script. Which of course is not good enough. I will try to have a look. I suspect it could be a timing issue. Time is a bit more limited this week though.
I have no idea what is going on here. Running a manual test as stated before does give an ip ban, but a run from @JoshData test script does not. I twiddled with the delays and the number of calls. Fail2ban does register all the calls (double even, because each login results in 2 log lines) but doesn't ban. (See screenshot)
A google quest suggested to try:
I tried all of the above.
When i change the own cloud line to:
It triggers a log line and records a failed login. However I have to increase the timeout somewhat. Also even though fail2ban sees the failed login, it doesn't proceed with the ban.
To do the other login prompts (if that is desired) we would need to craft post data. I verified that that gives the same log messages though. What do you prefer @JoshData? We would be testing the own cloud login system.
The same probably goes for the miab panel. Also has two ways of authenticating.