From 4a0e3a433b36d11dd04c9eee58cd8c604d8497c8 Mon Sep 17 00:00:00 2001
From: andryyy
Date: Wed, 30 Aug 2017 22:27:33 +0200
Subject: [PATCH] [Fail2ban] Remove rule to detect disconnects without authentication
---
 data/Dockerfiles/fail2ban/logwatch.py | 9 ++++-----
 docker-compose.yml | 2 +-
 2 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/data/Dockerfiles/fail2ban/logwatch.py b/data/Dockerfiles/fail2ban/logwatch.py
index d431a072..9615d53a 100644
--- a/data/Dockerfiles/fail2ban/logwatch.py
+++ b/data/Dockerfiles/fail2ban/logwatch.py
@@ -23,11 +23,10 @@ pubsub = r.pubsub()
 RULES = {}
 RULES[1] = 'warning: .*\[([0-9a-f\.:]+)\]: SASL .+ authentication failed'
 RULES[2] = '-login: Disconnected \(auth failed, .+\): user=.*, method=.+, rip=([0-9a-f\.:]+),'
-RULES[3] = '-login: Disconnected \(no auth .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
-RULES[4] = '-login: Aborted login \(no auth .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
-RULES[5] = '-login: Aborted login \(tried to use disallowed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
-RULES[6] = 'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have worked'
-RULES[7] = 'mailcow UI: Invalid password for .+ by ([0-9a-f\.:]+)'
+RULES[3] = '-login: Aborted login \(no auth .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
+RULES[4] = '-login: Aborted login \(tried to use disallowed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
+RULES[5] = 'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have worked'
+RULES[6] = 'mailcow UI: Invalid password for .+ by ([0-9a-f\.:]+)'
 r.setnx("F2B_BAN_TIME", "1800")
 r.setnx("F2B_MAX_ATTEMPTS", "10")
diff --git a/docker-compose.yml b/docker-compose.yml
index 0d973dfe..0d865ee1 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -309,7 +309,7 @@ services:
 - acme
 fail2ban-mailcow:
- image: mailcow/fail2ban:1.5
+ image: mailcow/fail2ban:1.6
 build: ./data/Dockerfiles/fail2ban
 depends_on:
 - dovecot-mailcow
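Review bot: The capture group `([0-9a-f\.:]+)` in the renumbered RULES[3] to RULES[6] accepts any run of hex digits, dots and colons, so a match is not guaranteed to be a well-formed address. The code that consumes the match is outside this hunk; if it does not already do so, it should parse the captured value (for example with `ipaddress.ip_address()`) and discard anything that fails before the value is counted or banned. The patterns are also plain string literals that depend on Python leaving `\[`, `\(` and `\.` untouched; raw strings make that explicit, e.g. `RULES[6] = r'mailcow UI: Invalid password for .+ by ([0-9a-f\.:]+)'`.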