Use upstream sogo-auth filter
This commit is contained in:
parent
ba323c2557
commit
14170ae297
|
@ -11,7 +11,7 @@ $OUT .=<<"EOF";
|
|||
|
||||
[sogo]
|
||||
enabled = true
|
||||
filter = sogo
|
||||
filter = sogo-auth
|
||||
logpath = /var/log/sogo/sogo.log
|
||||
action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime]
|
||||
EOF
|
||||
|
|
|
@ -0,0 +1,20 @@
|
|||
# /etc/fail2ban/filter.d/sogo-auth.conf
|
||||
#
|
||||
# Fail2Ban configuration file
|
||||
# By Arnd Brandes
|
||||
# SOGo
|
||||
#
|
||||
|
||||
[Definition]
|
||||
# Option: failregex
|
||||
# Filter Ban in /var/log/sogo/sogo.log
|
||||
# Note: the error log may contain multiple hosts, whereas the first one
|
||||
# is the client and all others are poxys. We match the first one, only
|
||||
|
||||
failregex = Login from '<HOST>' for user '.*' might not have worked( - password policy: \d* grace: -?\d* expire: -?\d* bound: -?\d*)?\s*$
|
||||
|
||||
# Option: ignoreregex
|
||||
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||
# Values: TEXT
|
||||
#
|
||||
ignoreregex =
|
|
@ -1,10 +0,0 @@
|
|||
[INCLUDES]
|
||||
before = common.conf
|
||||
|
||||
[Definition]
|
||||
|
||||
_daemon = sogod
|
||||
|
||||
failregex = ^\s*%(_daemon)s\s*%(__pid_re)s:\s*SOGoRootPage Login from '<HOST>' for user '.*' might not have worked \-.*$
|
||||
|
||||
ignoreregex =
|
Loading…
Reference in New Issue