Bug#369483: saslauthd rules

martin f krafft Tue, 30 May 2006 00:16:14 -0700

Package: fail2ban
Version: 0.6.1-1
Severity: wishlist

please consider adding the following ruleset for saslauthd:


[SASL]
# Option:  enabled
# Notes.:  enable monitoring for this section.
# Values:  [true | false]  Default:  true
#
enabled = true

# Option:  port
# Notes.:  specifies port to monitor
# Values:  [ NUM | STRING ]  Default:
#
port = smtp

# Option:  logfile
# Notes.:  logfile to monitor.
# Values:  FILE  Default:  /var/log/auth.log
#
logfile = /var/log/mail.log

# Option:  timeregex
# Notes.:  regex to match timestamp in SSH logfile.
# Values:  [Mar  7 17:53:28]
# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
#
timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}

# Option:  timepattern
# Notes.:  format used in "timeregex" fields definition. Note that '%' must be
#          escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
# Values:  TEXT  Default:  %%b %%d %%H:%%M:%%S
#
timepattern = %%b %%d %%H:%%M:%%S

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile.
# Values:  TEXT  Default:  (?:Authentication failure|Failed 
(?:keyboard-interactive/pam|password)) for(?: illegal user)? .* from 
(?:::f{4,6}:)?(?P<host>\S*)
#
failregex = : warning: [-._\w]+\[(?P<host>[.\d]+)\]: SASL 
(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed$



Thanks,

-- System Information:
Debian Release: testing/unstable
  APT prefers stable
  APT policy: (700, 'stable'), (600, 'testing'), (98, 'unstable'), (1, 
'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-1-686
Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages fail2ban depends on:
ii  iptables                      1.3.3-2    Linux kernel 2.4+ iptables adminis
ii  python                        2.3.5-5    An interactive high-level object-o

fail2ban recommends no packages.

-- no debconf information

-- 
Please do not send copies of list mail to me; I read the list!
 
 .''`.     martin f. krafft <[EMAIL PROTECTED]>
: :'  :    proud Debian developer and author: http://debiansystem.info
`. `'`
  `-  Debian - when you have better things to do than fixing a system

signature.asc
Description: Digital signature (GPG/PGP)

Bug#369483: saslauthd rules

Reply via email to