diff --git a/data/Dockerfiles/fail2ban/logwatch.py b/data/Dockerfiles/fail2ban/logwatch.py index b7430988..5dec15e2 100644 --- a/data/Dockerfiles/fail2ban/logwatch.py +++ b/data/Dockerfiles/fail2ban/logwatch.py @@ -19,12 +19,30 @@ if re.search(yes_regex, os.getenv('SKIP_FAIL2BAN', 0)): raise SystemExit r = redis.StrictRedis(host='172.22.1.249', decode_responses=True, port=6379, db=0) -RULES = { - 'mailcowdockerized_postfix-mailcow_1': 'warning: .*\[([0-9a-f\.:]+)\]: SASL .* authentication failed', - 'mailcowdockerized_dovecot-mailcow_1': '-login: Disconnected \(auth failed, .*\): user=.*, method=.*, rip=([0-9a-f\.:]+),', - 'mailcowdockerized_sogo-mailcow_1': 'SOGo.* Login from \'([0-9a-f\.:]+)\' for user .* might not have worked', - 'mailcowdockerized_php-fpm-mailcow_1': 'Mailcow UI: Invalid password for .* by ([0-9a-f\.:]+)', -} +client = docker.from_env() + +for container in client.containers.list(): + if "postfix-mailcow" in container.name: + postfix_container = container.name + elif "dovecot-mailcow" in container.name: + dovecot_container = container.name + elif "sogo-mailcow" in container.name: + sogo_container = container.name + elif "php-fpm-mailcow" in container.name: + php_fpm_container = container.name + +RULES = {} + +RULES[postfix_container] = {} +RULES[dovecot_container] = {} +RULES[sogo_container] = {} +RULES[php_fpm_container] = {} + +RULES[postfix_container][1] = 'warning: .*\[([0-9a-f\.:]+)\]: SASL .* authentication failed' +RULES[dovecot_container][1] = '-login: Disconnected \(auth failed, .*\): user=.*, method=.*, rip=([0-9a-f\.:]+),' +RULES[sogo_container][1] = 'SOGo.* Login from \'([0-9a-f\.:]+)\' for user .* might not have worked' +RULES[php_fpm_container][1] = 'Mailcow UI: Invalid password for .* by ([0-9a-f\.:]+)' + r.setnx("F2B_BAN_TIME", "1800") r.setnx("F2B_MAX_ATTEMPTS", "10") @@ -135,12 +153,17 @@ def watch(container): log['message'] = "Watching %s" % container r.lpush("F2B_LOG", json.dumps(log, ensure_ascii=False)) print "Watching", container - client = docker.from_env() for msg in client.containers.get(container).attach(stream=True, logs=False): - result = re.search(RULES[container], msg) - if result: - addr = result.group(1) - ban(addr) + for rule_id, rule_regex in RULES[container].iteritems(): + result = re.search(rule_regex, msg) + if result: + addr = result.group(1) + print "%s matched rule id %d in %s" % (addr, rule_id, container) + log['time'] = int(round(time.time())) + log['priority'] = "warn" + log['message'] = "%s matched rule id %d in %s" % (addr, rule_id, container) + r.lpush("F2B_LOG", json.dumps(log, ensure_ascii=False)) + ban(addr) def autopurge(): while not quit_now: diff --git a/docker-compose.yml b/docker-compose.yml index c0388967..4ee191e7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -318,7 +318,7 @@ services: - acme fail2ban-mailcow: - image: mailcow/fail2ban:1.3 + image: mailcow/fail2ban:1.5 build: ./data/Dockerfiles/fail2ban depends_on: - dovecot-mailcow