[Fai2ban] Added auto-detection for container names; Allow multiple rules for each container; log rule id and container on match
andryyy
parent
372da9b557
commit
a6b60aebb8
|
|
@ -19,12 +19,30 @@ if re.search(yes_regex, os.getenv('SKIP_FAIL2BAN', 0)):
|
||||||
raise SystemExit
|
raise SystemExit
|
||||||
|
|
||||||
r = redis.StrictRedis(host='172.22.1.249', decode_responses=True, port=6379, db=0)
|
r = redis.StrictRedis(host='172.22.1.249', decode_responses=True, port=6379, db=0)
|
||||||
RULES = {
|
client = docker.from_env()
|
||||||
'mailcowdockerized_postfix-mailcow_1': 'warning: .*\[([0-9a-f\.:]+)\]: SASL .* authentication failed',
|
|
||||||
'mailcowdockerized_dovecot-mailcow_1': '-login: Disconnected \(auth failed, .*\): user=.*, method=.*, rip=([0-9a-f\.:]+),',
|
for container in client.containers.list():
|
||||||
'mailcowdockerized_sogo-mailcow_1': 'SOGo.* Login from \'([0-9a-f\.:]+)\' for user .* might not have worked',
|
if "postfix-mailcow" in container.name:
|
||||||
'mailcowdockerized_php-fpm-mailcow_1': 'Mailcow UI: Invalid password for .* by ([0-9a-f\.:]+)',
|
postfix_container = container.name
|
||||||
}
|
elif "dovecot-mailcow" in container.name:
|
||||||
|
dovecot_container = container.name
|
||||||
|
elif "sogo-mailcow" in container.name:
|
||||||
|
sogo_container = container.name
|
||||||
|
elif "php-fpm-mailcow" in container.name:
|
||||||
|
php_fpm_container = container.name
|
||||||
|
|
||||||
|
RULES = {}
|
||||||
|
|
||||||
|
RULES[postfix_container] = {}
|
||||||
|
RULES[dovecot_container] = {}
|
||||||
|
RULES[sogo_container] = {}
|
||||||
|
RULES[php_fpm_container] = {}
|
||||||
|
|
||||||
|
RULES[postfix_container][1] = 'warning: .*\[([0-9a-f\.:]+)\]: SASL .* authentication failed'
|
||||||
|
RULES[dovecot_container][1] = '-login: Disconnected \(auth failed, .*\): user=.*, method=.*, rip=([0-9a-f\.:]+),'
|
||||||
|
RULES[sogo_container][1] = 'SOGo.* Login from \'([0-9a-f\.:]+)\' for user .* might not have worked'
|
||||||
|
RULES[php_fpm_container][1] = 'Mailcow UI: Invalid password for .* by ([0-9a-f\.:]+)'
|
||||||
|
|
||||||
|
|
||||||
r.setnx("F2B_BAN_TIME", "1800")
|
r.setnx("F2B_BAN_TIME", "1800")
|
||||||
r.setnx("F2B_MAX_ATTEMPTS", "10")
|
r.setnx("F2B_MAX_ATTEMPTS", "10")
|
||||||
|
|
@ -135,12 +153,17 @@ def watch(container):
|
||||||
log['message'] = "Watching %s" % container
|
log['message'] = "Watching %s" % container
|
||||||
r.lpush("F2B_LOG", json.dumps(log, ensure_ascii=False))
|
r.lpush("F2B_LOG", json.dumps(log, ensure_ascii=False))
|
||||||
print "Watching", container
|
print "Watching", container
|
||||||
client = docker.from_env()
|
|
||||||
for msg in client.containers.get(container).attach(stream=True, logs=False):
|
for msg in client.containers.get(container).attach(stream=True, logs=False):
|
||||||
result = re.search(RULES[container], msg)
|
for rule_id, rule_regex in RULES[container].iteritems():
|
||||||
if result:
|
result = re.search(rule_regex, msg)
|
||||||
addr = result.group(1)
|
if result:
|
||||||
ban(addr)
|
addr = result.group(1)
|
||||||
|
print "%s matched rule id %d in %s" % (addr, rule_id, container)
|
||||||
|
log['time'] = int(round(time.time()))
|
||||||
|
log['priority'] = "warn"
|
||||||
|
log['message'] = "%s matched rule id %d in %s" % (addr, rule_id, container)
|
||||||
|
r.lpush("F2B_LOG", json.dumps(log, ensure_ascii=False))
|
||||||
|
ban(addr)
|
||||||
|
|
||||||
def autopurge():
|
def autopurge():
|
||||||
while not quit_now:
|
while not quit_now:
|
||||||
|
|
|
||||||
|
|
@ -318,7 +318,7 @@ services:
|
||||||
- acme
|
- acme
|
||||||
|
|
||||||
fail2ban-mailcow:
|
fail2ban-mailcow:
|
||||||
image: mailcow/fail2ban:1.3
|
image: mailcow/fail2ban:1.5
|
||||||
build: ./data/Dockerfiles/fail2ban
|
build: ./data/Dockerfiles/fail2ban
|
||||||
depends_on:
|
depends_on:
|
||||||
- dovecot-mailcow
|
- dovecot-mailcow
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue