FastNetMon

Wednesday, 24 February 2010

Corrected fail2ban rule for protecting Dovecot / Debian

Put the following content into the file /etc/fail2ban/filter.d/dovecot-pop3imap.conf (taken from the link below):


[Definition]
# Example:
# Feb 25 00:56:29 v1 dovecot: pop3-login: Aborted login (1 authentication attempts): user=, method=PLAIN, rip=95.79.205.2, lip=188.40.60.215, TLS

# fixed by FastVPS version:
failregex = (?: pop3-login|imap-login): (?:Authentication failure|Aborted login|Aborted login \(auth failed|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
ignoreregex =


The original version was taken from: http://wiki.dovecot.org/HowTo/Fail2Ban
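A quick way to check the failregex before reloading fail2ban, as an added example that is not part of the original post: it compiles the pattern with Python's `re` module (the engine fail2ban uses) with and without the `<host>` group name and extracts the address to ban. The first sample line is the one from the filter's comment; the other two lines and the helper names are constructed for illustration.

```python
import re

# The pattern with the group name missing, e.g. when "<host>" is swallowed as an HTML tag.
BROKEN = (r"(?: pop3-login|imap-login): (?:Authentication failure|Aborted login|"
          r"Aborted login \(auth failed|Disconnected \(auth failed)"
          r".*rip=(?P\S*),.*")
# The same pattern with the named group fail2ban reads the address from.
FIXED = BROKEN.replace(r"(?P\S*)", r"(?P<host>\S*)")

SAMPLE = [
    # From the filter's own "Example" comment:
    "Feb 25 00:56:29 v1 dovecot: pop3-login: Aborted login (1 authentication attempts): "
    "user=, method=PLAIN, rip=95.79.205.2, lip=188.40.60.215, TLS",
    # Constructed: failed IMAP authentication (documentation address ranges).
    "Feb 25 01:02:03 v1 dovecot: imap-login: Disconnected (auth failed, 3 attempts): "
    "user=<bob>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.1",
    # Constructed: successful login, must not be reported.
    "Feb 25 01:05:10 v1 dovecot: imap-login: Login: "
    "user=<alice>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, TLS",
]


def compiles(pattern):
    """Return True if the pattern is a valid Python regular expression."""
    try:
        re.compile(pattern)
        return True
    except re.error:
        return False


def banned_hosts(lines, pattern=FIXED):
    """Return the 'host' group of every line the failregex matches."""
    rx = re.compile(pattern)
    hosts = []
    for line in lines:
        m = rx.search(line)  # unanchored search over the log line
        if m:
            hosts.append(m.group("host"))
    return hosts


if __name__ == "__main__":
    print("broken pattern compiles:", compiles(BROKEN))
    print("fixed pattern compiles: ", compiles(FIXED))
    print("hosts to ban:", banned_hosts(SAMPLE))
```

On a host with fail2ban installed, `fail2ban-regex <logfile> /etc/fail2ban/filter.d/dovecot-pop3imap.conf` runs the same check against real log data.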

3 comments :

  1. 2011-08-02 20:36:45,686 fail2ban.filter : ERROR Unable to compile regular expression '(?: pop3-login|imap-login): (?:Authentication failure|Aborted login|Aborted login \(auth failed|Disconnected \(auth failed).*rip=(?P\S*),.*'

