Re: [Fwd: fail2ban needs shorewall?]




Andylockran wrote on Wed, 23 Jul 2008 17:43:45 +0100:

> If you do have an issue with fail2ban, it does pretty much the same thing.

fail2ban from rpmforge works fine. It's missing the filter for dovecot, 
though, and has wrong filters for many other services.

Here are some that I just figured out:

dovecot:/var/log/secure
failregex = dovecot-auth: pam_unix\(dovecot:auth\): authentication failure; .* rhost=<HOST>

sasl:/var/log/maillog
failregex = postfix\/smtpd\[\d+\]: warning: unknown\[<HOST>\]: SASL LOGIN authentication failed:

vsftpd:/var/log/secure
failregex = vsftpd: .* authentication failure; .* rhost=<HOST>

I noticed that there are several failregex in the conf files that end with 
$. However, if I try that my rules fail, although they look like perfectly 
valid regex, so I'm not matching until the end of line.

Can someone else add to the list?

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com



_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
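
Added example (not part of the original message, and not fail2ban's own code): a small Python check that runs the three failregex lines from the message against constructed log lines, with and without a trailing `$`. Assumptions: `HOST_GROUP` is a simplified stand-in for fail2ban's `<HOST>` expansion, patterns are applied with `re.search`, the dovecot pattern is written with `.*` before `rhost=` as in the vsftpd one, and all sample lines and addresses are invented.

```python
import re

# Simplified stand-in for fail2ban's <HOST> expansion (assumption).
HOST_GROUP = r"(?P<host>[\w\-.^_]+)"

# The three failregex lines from the message, keyed by service.
# The dovecot pattern uses ".*" before rhost=, like the vsftpd one.
FAILREGEX = {
    "dovecot": r"dovecot-auth: pam_unix\(dovecot:auth\): authentication failure; .* rhost=<HOST>",
    "sasl": r"postfix\/smtpd\[\d+\]: warning: unknown\[<HOST>\]: SASL LOGIN authentication failed:",
    "vsftpd": r"vsftpd: .* authentication failure; .* rhost=<HOST>",
}

# Constructed log lines using documentation addresses, not real captures.
SAMPLES = {
    "dovecot": "Jul 23 18:02:11 mail dovecot-auth: pam_unix(dovecot:auth): "
               "authentication failure; logname= uid=0 euid=0 tty=dovecot "
               "ruser=bob rhost=192.0.2.10  user=bob",
    "sasl": "Jul 23 18:03:40 mail postfix/smtpd[4242]: warning: "
            "unknown[198.51.100.7]: SASL LOGIN authentication failed: "
            "authentication failure",
    "vsftpd": "Jul 23 18:05:02 mail vsftpd: pam_unix(vsftpd:auth): "
              "authentication failure; logname= uid=0 euid=0 tty=ftp "
              "ruser=bob rhost=203.0.113.5",
}


def compile_failregex(pattern):
    """Expand <HOST> into a named capture group and compile the pattern."""
    return re.compile(pattern.replace("<HOST>", HOST_GROUP))


def offending_host(pattern, line):
    """Return the captured host if the pattern matches the line, else None."""
    match = compile_failregex(pattern).search(line)
    return match.group("host") if match else None


def check_all(anchor_end=False):
    """Run every pattern on its sample line, optionally with '$' appended."""
    suffix = "$" if anchor_end else ""
    return {svc: offending_host(FAILREGEX[svc] + suffix, SAMPLES[svc])
            for svc in FAILREGEX}


if __name__ == "__main__":
    for label, anchored in (("unanchored", False), ("with $", True)):
        print(label, check_all(anchored))
```

With `$` appended, a pattern only matches when nothing follows the matched text on the line, so the dovecot and sasl samples (which carry trailing fields) stop matching while the vsftpd sample still does.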
