[Fai2ban] Added auto-detection for container names; Allow multiple rules for each container; log rule id and container on match

master
andryyy 2017-06-29 11:30:14 +02:00
parent 372da9b557
commit a6b60aebb8
2 changed files with 35 additions and 12 deletions

View File

@ -19,12 +19,30 @@ if re.search(yes_regex, os.getenv('SKIP_FAIL2BAN', 0)):
raise SystemExit raise SystemExit
r = redis.StrictRedis(host='172.22.1.249', decode_responses=True, port=6379, db=0) r = redis.StrictRedis(host='172.22.1.249', decode_responses=True, port=6379, db=0)
RULES = { client = docker.from_env()
'mailcowdockerized_postfix-mailcow_1': 'warning: .*\[([0-9a-f\.:]+)\]: SASL .* authentication failed',
'mailcowdockerized_dovecot-mailcow_1': '-login: Disconnected \(auth failed, .*\): user=.*, method=.*, rip=([0-9a-f\.:]+),', for container in client.containers.list():
'mailcowdockerized_sogo-mailcow_1': 'SOGo.* Login from \'([0-9a-f\.:]+)\' for user .* might not have worked', if "postfix-mailcow" in container.name:
'mailcowdockerized_php-fpm-mailcow_1': 'Mailcow UI: Invalid password for .* by ([0-9a-f\.:]+)', postfix_container = container.name
} elif "dovecot-mailcow" in container.name:
dovecot_container = container.name
elif "sogo-mailcow" in container.name:
sogo_container = container.name
elif "php-fpm-mailcow" in container.name:
php_fpm_container = container.name
RULES = {}
RULES[postfix_container] = {}
RULES[dovecot_container] = {}
RULES[sogo_container] = {}
RULES[php_fpm_container] = {}
RULES[postfix_container][1] = 'warning: .*\[([0-9a-f\.:]+)\]: SASL .* authentication failed'
RULES[dovecot_container][1] = '-login: Disconnected \(auth failed, .*\): user=.*, method=.*, rip=([0-9a-f\.:]+),'
RULES[sogo_container][1] = 'SOGo.* Login from \'([0-9a-f\.:]+)\' for user .* might not have worked'
RULES[php_fpm_container][1] = 'Mailcow UI: Invalid password for .* by ([0-9a-f\.:]+)'
r.setnx("F2B_BAN_TIME", "1800") r.setnx("F2B_BAN_TIME", "1800")
r.setnx("F2B_MAX_ATTEMPTS", "10") r.setnx("F2B_MAX_ATTEMPTS", "10")
@ -135,11 +153,16 @@ def watch(container):
log['message'] = "Watching %s" % container log['message'] = "Watching %s" % container
r.lpush("F2B_LOG", json.dumps(log, ensure_ascii=False)) r.lpush("F2B_LOG", json.dumps(log, ensure_ascii=False))
print "Watching", container print "Watching", container
client = docker.from_env()
for msg in client.containers.get(container).attach(stream=True, logs=False): for msg in client.containers.get(container).attach(stream=True, logs=False):
result = re.search(RULES[container], msg) for rule_id, rule_regex in RULES[container].iteritems():
result = re.search(rule_regex, msg)
if result: if result:
addr = result.group(1) addr = result.group(1)
print "%s matched rule id %d in %s" % (addr, rule_id, container)
log['time'] = int(round(time.time()))
log['priority'] = "warn"
log['message'] = "%s matched rule id %d in %s" % (addr, rule_id, container)
r.lpush("F2B_LOG", json.dumps(log, ensure_ascii=False))
ban(addr) ban(addr)
def autopurge(): def autopurge():

View File

@ -318,7 +318,7 @@ services:
- acme - acme
fail2ban-mailcow: fail2ban-mailcow:
image: mailcow/fail2ban:1.3 image: mailcow/fail2ban:1.5
build: ./data/Dockerfiles/fail2ban build: ./data/Dockerfiles/fail2ban
depends_on: depends_on:
- dovecot-mailcow - dovecot-mailcow