Package: squirrelmail-logger
Version: 2.3-4
Severity: normal
I just attempted to setup fail2ban following the documentation in
/usr/share/doc/squirrelmail-logger/fail2ban and I ran into a few problems.
The failregex doesn't match the syslog output for failed logins. Syslog is the
default logging setup for squirrlemail-logger.
The section name in the jail.conf caused me to see some iptables errors because
"fail2ban-squirrelmail-iptables" is close to or over the limit of table name
length for iptables. The limit is 30 chars.
The logpath should be set to syslog since that is the default method.
The action method should be ommitted, the default action works just fine.
Ports need to be specified.
I think with the following changes the example will work better for those using
a default fail2ban setup.
Thank you for considering this change
Josh
==cut
--- fail2ban 2008-02-12 05:23:42.000000000 -0600
+++ fail2ban-fixed 2012-03-13 10:27:47.000000000 -0500
@@ -12,13 +12,12 @@
https, or use "iptables-multiport[port="http,https"]" if using both,
also be sure to set the correct log path and filename for your setup):
===============================================
-[squirrelmail-iptables]
+[squirrelmail]
enabled = true
filter = squirrelmail
-action = iptables[name=SquirrelMail, port=https, protocol=tcp]
- sendmail-whois[name=SquirrelMail, dest=some...@example.com,
sender=r...@example.com]
-logpath = /var/lib/squirrelmail/prefs/squirrelmail.log
+port = http,https
+logpath = /var/log/syslog
maxretry = 5
bantime = 3600
===============================================
@@ -42,7 +41,7 @@
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
-failregex = \[LOGIN_ERROR\].*from <HOST>: Unknown user or password incorrect
+failregex = squirrelmail: Failed webmail login:.*at <HOST> on .*\(Unknown user
or password incorrect\.\)
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
==endcut
-- System Information:
Debian Release: 6.0.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.24-2-pve (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages squirrelmail-logger depends on:
ii squirrelmail 2:1.4.21-2 Webmail for nuts
ii squirrelmail-compatibility 2.0.16-1 SquirrelMail plugin: Let other plu
squirrelmail-logger recommends no packages.
squirrelmail-logger suggests no packages.
-- no debconf information
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
