[Fail2ban] Remove rule to detect disconnects without authentication
This commit is contained in:
andryyy
parent
3e741a0d9c
commit
4a0e3a433b
@ -23,11 +23,10 @@ pubsub = r.pubsub()
|
|||||||
RULES = {}
|
RULES = {}
|
||||||
RULES[1] = 'warning: .*\[([0-9a-f\.:]+)\]: SASL .+ authentication failed'
|
RULES[1] = 'warning: .*\[([0-9a-f\.:]+)\]: SASL .+ authentication failed'
|
||||||
RULES[2] = '-login: Disconnected \(auth failed, .+\): user=.*, method=.+, rip=([0-9a-f\.:]+),'
|
RULES[2] = '-login: Disconnected \(auth failed, .+\): user=.*, method=.+, rip=([0-9a-f\.:]+),'
|
||||||
RULES[3] = '-login: Disconnected \(no auth .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
|
RULES[3] = '-login: Aborted login \(no auth .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
|
||||||
RULES[4] = '-login: Aborted login \(no auth .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
|
RULES[4] = '-login: Aborted login \(tried to use disallowed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
|
||||||
RULES[5] = '-login: Aborted login \(tried to use disallowed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
|
RULES[5] = 'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have worked'
|
||||||
RULES[6] = 'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have worked'
|
RULES[6] = 'mailcow UI: Invalid password for .+ by ([0-9a-f\.:]+)'
|
||||||
RULES[7] = 'mailcow UI: Invalid password for .+ by ([0-9a-f\.:]+)'
|
|
||||||
|
|
||||||
r.setnx("F2B_BAN_TIME", "1800")
|
r.setnx("F2B_BAN_TIME", "1800")
|
||||||
r.setnx("F2B_MAX_ATTEMPTS", "10")
|
r.setnx("F2B_MAX_ATTEMPTS", "10")
|
||||||
|
|||||||
@ -309,7 +309,7 @@ services:
|
|||||||
- acme
|
- acme
|
||||||
|
|
||||||
fail2ban-mailcow:
|
fail2ban-mailcow:
|
||||||
image: mailcow/fail2ban:1.5
|
image: mailcow/fail2ban:1.6
|
||||||
build: ./data/Dockerfiles/fail2ban
|
build: ./data/Dockerfiles/fail2ban
|
||||||
depends_on:
|
depends_on:
|
||||||
- dovecot-mailcow
|
- dovecot-mailcow
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user