Logging to syslog for fail2ban integration #80

Open
ikolubr opened this issue Sep 24, 2015 · 0 comments

ikolubr commented Sep 24, 2015

Hi,
First, I use your plugin a lot. thank you for it.
Second, I use fail2ban on my server and I made a small change to your plugin to log to syslog when a wrong password is entered. Then I created a fail2ban filter and action to ban the IP accordingly.

If you guys could include this piece of code in your development, that would be great as I wouldn't be worried about updating the plugin and you could also advertise the feature of fail2ban integration.

I added a piece of code just before the $this -> _delete_old_items(); call in the function insert( $args ) in the class-aal-api.php file. You probably could do a better job as the plugin creator ;)

Here is the code I added:

// Forward failed logins to syslog (facility auth) so fail2ban can pick them up from /var/log/auth.log.
if ($args['action'] == "wrong_password") {
        // Use the site's host part (everything after "scheme://") as the syslog ident.
        $siteUrl = explode("//", get_site_url());
        openlog($siteUrl[1], LOG_PID, LOG_AUTH);
        // object_name is the username that was tried, hist_ip the source address recorded by the plugin.
        syslog(LOG_NOTICE, "Authentication failure for " . $args['object_name'] . " from " . $args['hist_ip']);
        closelog();
}

The filter wordpress.conf:

# Fail2Ban configuration file
#
# Author: Igor Almeida
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf


[Definition]

# Note: the failregex below does not use %(__prefix_line)s, so _daemon is not
# applied when matching; the syslog ident written by the plugin is the site's
# host name, not "wordpress".
_daemon = wordpress

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
failregex = Authentication failure for .* from <HOST>

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

And the jail snippet to insert into jail.local:

[wordpress]
enabled  = true
filter   = wordpress
port     = http,https
logpath  = /var/log/auth.log
maxretry = 2
banaction = iptables-allports

Thank you,
Igor Almeida

@ikolubr ikolubr changed the title Logging to syslog Logging to syslog for fail2ban integration Sep 24, 2015
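To sanity-check the filter and jail above offline, here is an added example in Python (not code from the plugin, from the issue author, or from fail2ban) that expands the <HOST> tag the way fail2ban's alias does and replays a constructed auth.log sample through the maxretry/findtime ban logic. The log lines, the site name example.com, the hostname web1 and all addresses are constructed; maxretry=2 is the jail's value, and findtime=600 is fail2ban's default, which the jail snippet does not override.

```python
"""Replay the issue's fail2ban filter over a constructed auth.log sample.

Added example, not code from the ActivityLog plugin or from fail2ban. It
emulates what `fail2ban-regex` plus a jail's maxretry/findtime would do,
so the filter can be checked before it is deployed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# fail2ban expands the <HOST> tag into this alias (quoted in wordpress.conf's comments).
HOST_ALIAS = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"

# failregex exactly as written in the issue's wordpress.conf.
FAILREGEX = r"Authentication failure for .* from <HOST>"

# Standard syslog timestamp prefix, e.g. "Sep 24 10:01:02 ".
SYSLOG_TS = re.compile(r"^(\w{3} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) ")

# Constructed /var/log/auth.log sample (hosts, addresses and PIDs are made up).
# The ident is the site host (explode("//", get_site_url())[1]) plus the PID.
SAMPLE_AUTH_LOG = """\
Sep 24 10:01:02 web1 example.com[2231]: Authentication failure for admin from 203.0.113.7
Sep 24 10:01:05 web1 example.com[2231]: Authentication failure for admin from 203.0.113.7
Sep 24 10:01:09 web1 sshd[2300]: Accepted publickey for deploy from 198.51.100.4 port 51234 ssh2
Sep 24 10:01:30 web1 example.com[2231]: Authentication failure for editor from 198.51.100.9
Sep 24 10:01:45 web1 example.com[2231]: Authentication failure for root from ::ffff:192.0.2.10
Sep 24 10:02:10 web1 example.com[2231]: Authentication failure for guest from 10.0.0.1 from 198.51.100.77
Sep 24 10:20:00 web1 example.com[2231]: Authentication failure for editor from 198.51.100.9
"""


def compile_failregex(failregex=FAILREGEX):
    """Turn a fail2ban failregex into a Python regex by expanding <HOST>."""
    return re.compile(failregex.replace("<HOST>", HOST_ALIAS))


def parse_line(line, pattern=None):
    """Return (timestamp, host) for a line matching failregex, else None.

    As in fail2ban, the date is stripped from the front and failregex is
    searched (unanchored) in the remainder. Syslog timestamps carry no year,
    so strptime leaves it at 1900; only time deltas are used here.
    """
    pattern = pattern or compile_failregex()
    ts = SYSLOG_TS.match(line)
    if not ts:
        return None
    m = pattern.search(line[ts.end():])
    if not m:
        return None
    return datetime.strptime(ts.group(1), "%b %d %H:%M:%S"), m.group("host")


def offenders(log_text, maxretry=2, findtime=600, failregex=FAILREGEX):
    """Emulate a jail: ban a host once it has maxretry failures within findtime seconds.

    Returns {host: timestamp at which the ban would be issued}.
    """
    pattern = compile_failregex(failregex)
    window = timedelta(seconds=findtime)
    recent = defaultdict(list)  # host -> failure timestamps still inside the window
    banned = {}
    for line in log_text.splitlines():
        hit = parse_line(line, pattern)
        if hit is None:
            continue
        ts, host = hit
        if host in banned:
            continue
        # Slide the window: keep only failures not older than findtime, then add this one.
        recent[host] = [t for t in recent[host] if ts - t <= window] + [ts]
        if len(recent[host]) >= maxretry:
            banned[host] = ts
    return banned


if __name__ == "__main__":
    for host, when in offenders(SAMPLE_AUTH_LOG).items():
        print(f"{when:%b %d %H:%M:%S}  ban {host}")
```

Two details worth noticing when running this. The ::ffff: prefix on the fifth line is stripped by the alias, so an IPv4-mapped address is banned as plain 192.0.2.10. And because the username logged via object_name is whatever the client typed, a login attempt with the username "guest from 10.0.0.1" produces a line with two " from " tokens; the greedy `.*` in the filter still takes the last one, so the real source 198.51.100.77 is counted. Changing it to a lazy `.*?` would let the client choose which address gets banned, so keep the greedy form.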