WebSVN – configs – Diff – /homeserver/etc/fail2ban/filter.d/roundcube-auth.conf



# Fail2Ban configuration file for roundcube web server
#
# By default failed logins are printed to 'errors'. The first regex matches those
# The second regex matches those printed to 'userlogins'
#   The userlogins log file can be enabled by setting $config['log_logins'] = true; in config.inc.php
#
# The logpath in your jail can be updated to userlogins if you wish
#
 
[INCLUDES]
 
before = common.conf
 
[Definition]
 
failregex = ^\s*(\[\])?(%(__hostname)s\s*(roundcube:)?\s*(<[\w]+>)? IMAP Error)?: (FAILED login|Login failed) for .*? from <HOST>(\. .* in .*?/rcube_imap\.php on line \d+ \(\S+ \S+\))?$
            ^\[\]:\s*(<[\w]+>)? Failed login for [\w\-\.\+]+(@[\w\-\.\+]+\.[a-zA-Z]{2,6})? from <HOST> in session \w+( \(error: \d\))?$
 
ignoreregex = 
# DEV Notes:
#
# Source: https://github.com/roundcube/roundcubemail/blob/master/program/lib/Roundcube/rcube_imap.php#L180

# Assume that the user can inject "from <HOST>" into the imap response
# somehow. Write test cases around this to ensure that the combination of
# arbitrary user input and IMAP response doesn't inject the wrong IP for
# fail2ban
#
# Author: Teodor Micu & Yaroslav Halchenko & terence namusonge & Daniel Black & Lee Clemens

Rev 34	Rev 39
Line 1...	Line 1...
1	`# Fail2Ban configuration file for roundcube web server`	1	`# Fail2Ban configuration file for roundcube web server`
2	`#`	2	`#`
-		3	`# By default failed logins are printed to 'errors'. The first regex matches those`
-		4	`# The second regex matches those printed to 'userlogins'`
-		5	`# The userlogins log file can be enabled by setting $config['log_logins'] = true; in config.inc.php`
3	`#`	6	`#`
-		7	`# The logpath in your jail can be updated to userlogins if you wish`
4	`#`	8	`#`
5		9
6	`[INCLUDES]`	10	`[INCLUDES]`
7		11
8	`before = common.conf`	12	`before = common.conf`
9		13
10	`[Definition]`	14	`[Definition]`
11		15
12	`failregex = ^\s(\[\])?(%(__hostname)s roundcube: IMAP Error)?: (FAILED login\|Login failed) for .? from <HOST>(\. .* in .*?/rcube_imap\.php on line \d+ \(\S+ \S+\))?$`	16	`failregex = ^\s(\[\])?(%(__hostname)s\s(roundcube:)?\s(<[\w]+>)? IMAP Error)?: (FAILED login\|Login failed) for .? from <HOST>(\. .* in .*?/rcube_imap\.php on line \d+ \(\S+ \S+\))?$`
-		17	`^\[\]:\s*(<[\w]+>)? Failed login for [\w\-\.\+]+(@[\w\-\.\+]+\.[a-zA-Z]{2,6})? from <HOST> in session \w+( \(error: \d\))?$`
13		18
14	`ignoreregex =`	19	`ignoreregex =`
15	`# DEV Notes:`	20	`# DEV Notes:`
16	`#`	21	`#`
17	`# Source: https://github.com/roundcube/roundcubemail/blob/master/program/lib/Roundcube/rcube_imap.php#L180`	22	`# Source: https://github.com/roundcube/roundcubemail/blob/master/program/lib/Roundcube/rcube_imap.php#L180`
Line 24...	Line 29...
24	`# Assume that the user can inject "from <HOST>" into the imap response`	29	`# Assume that the user can inject "from <HOST>" into the imap response`
25	`# somehow. Write test cases around this to ensure that the combination of`	30	`# somehow. Write test cases around this to ensure that the combination of`
26	`# arbitrary user input and IMAP response doesn't inject the wrong IP for`	31	`# arbitrary user input and IMAP response doesn't inject the wrong IP for`
27	`# fail2ban`	32	`# fail2ban`
28	`#`	33	`#`
29	`# Author: Teodor Micu & Yaroslav Halchenko & terence namusonge & Daniel Black`	34	`# Author: Teodor Micu & Yaroslav Halchenko & terence namusonge & Daniel Black & Lee Clemens`

Subversion Repositories configs

(root)/homeserver/etc/fail2ban/filter.d/roundcube-auth.conf – Rev 34 → 39