From: Fabian W. <fa...@we...> - 2012-06-26 15:40:55
|
Hello I have created some own filters for the following applications, as they did not exist with the fail2ban 0.8.6 Port on FreeBSD: DAViCal (http://www.davical.org/) Roundcube (http://www.roundcube.net/) Sendmail (http://www.sendmail.org/) As I have not found any place on the fail2ban website (http://www.fail2ban.org/) to submit them to the project, I have just attached them to this e-mail to contribute them to fail2ban. This filters are running since a while on my FreeBSD 7.4 system, but they should also work on any other operating system. For Sendmail I have created 2 different filters, sendmail.conf does check for clients or other servers (mostly spam bots), which usually just generate a lot of "reject" log entries. The sendmail-auth.conf does check for failed logins through SMTP Auth. bye Fabian |
From: Yehuda K. <ye...@ym...> - 2012-06-26 16:21:27
|
On Tue, Jun 26, 2012 at 11:40 AM, Fabian Wenk <fa...@we...> wrote: > I have created some own filters for the following applications, as they > did not exist with the fail2ban 0.8.6 Port on FreeBSD: > As I have not found any place on the fail2ban website ( > http://www.fail2ban.org/) to submit them to the project, I have just > attached them to this e-mail to contribute them to fail2ban. The best way to submit patches or features is through fail2ban's GitHub project (https://github.com/fail2ban/fail2ban). Fork the project, make your changes and submit a pull request. This will make it that your name is attached to those changes so you can get the credit (and the blame of course ;-) ) for those changes. I will see about updating the wiki with this info. - Y |
From: Fabian W. <fa...@we...> - 2012-06-26 16:57:25
|
Hello Andrew To keep my answer public, I do answer on the mailing list, I hope this is ok for you too. On 26.06.2012 17:48, Kaplan, Andrew H. wrote: > I am going through the motions of setting up filters on our > sendmail server, and yours look like ones that would of great > help. At the risk of sounding like an idiot, I had several > questions concerning them: > > 1. Should the conf files be copied into the filter.d folder? Yes, and hopefully they will be part of the next fail2ban update. > 2. What modifications should be done to the jail.conf file? I have the following lines in my jail.local file, but as I am running it on FreeBSD, you will probably need to adjust the 'action = ' and 'logpath = ' lines. And also you need to set your own values for maxretry, findtime and bantime depending on your preferences: [sendmail] enabled = true port = smtp filter = sendmail action = bsd-ipfw[port=25] logpath = /var/log/maillog maxretry = x findtime = xx bantime = xxx [sendmail-auth] enabled = true port = smtp filter = sendmail-auth action = bsd-ipfw[port=25] logpath = /var/log/maillog maxretry = x findtime = xx bantime = xxxx bye Fabian |
From: Fabian W. <fa...@we...> - 2012-06-26 17:17:20
|
Hello Yehuda On 26.06.2012 17:51, Yehuda Katz wrote: > The best way to submit patches or features is through fail2ban's GitHub > project (https://github.com/fail2ban/fail2ban). > Fork the project, make your changes and submit a pull request. This will > make it that your name is attached to those changes so you can get the > credit (and the blame of course ;-) ) for those changes. Thank you for the information. I will look into this. But as I am not a developer, I think this is a little bit overkill. As my name and e-mail address are in the config file itself, I think there is no need to create an additional project just for this 4 filters. I do not mind, if one of the developers checks them into the main fail2ban repository. bye Fabian |
From: Amir 'C. C. <ce...@3p...> - 2012-06-26 18:11:28
|
Just for reference, I already created a github issue for sendmail a while back: https://github.com/fail2ban/fail2ban/issues/20 No specific pull request yet since I've been busy with other things... but it's there. --- Amir At 7:17 PM +0200 06/26/2012, Fabian Wenk wrote: >Hello Yehuda > >On 26.06.2012 17:51, Yehuda Katz wrote: >> The best way to submit patches or features is through fail2ban's GitHub >> project (https://github.com/fail2ban/fail2ban). >> Fork the project, make your changes and submit a pull request. This will >> make it that your name is attached to those changes so you can get the >> credit (and the blame of course ;-) ) for those changes. > >Thank you for the information. I will look into this. But as I am >not a developer, I think this is a little bit overkill. As my >name and e-mail address are in the config file itself, I think >there is no need to create an additional project just for this 4 >filters. I do not mind, if one of the developers checks them into >the main fail2ban repository. > > >bye >Fabian |
From: Fabian W. <fa...@we...> - 2012-08-26 13:52:13
|
Hello On 26.06.2012 17:40, Fabian Wenk wrote: > I have created some own filters for the following applications, > as they did not exist with the fail2ban 0.8.6 Port on FreeBSD: > Roundcube (http://www.roundcube.net/) For the Roundcube filter to work, also the following setting in the Roundecube config/main.inc.php file is needed: $rcmail_config['log_session'] = true; This will log session authentication errors to <log_dir>/session or to syslog. As the attachments are not available from the mailing list archive, I have put my config files online at [1], feel free to use them. [1] http://www.wenks.ch/fabian/fail2ban/ bye Fabian |