similar to: fail2ban

Displaying 20 results from an estimated 6000 matches similar to: "fail2ban"

2020 May 22
3
fail2ban setup centos 7 not picking auth fail?
On Fri, May 22, 2020 2:05 pm, Adi Pircalabu wrote: > On 22-05-2020 10:38, Voytek Eymont wrote: > > Hardly a Dovecot issue. Can you please post the output of this command? > /usr/bin/fail2ban-regex /var/log/dovecot.log > /etc/fail2ban/filter.d/dovecot.conf Adi, thanks, what I get is: # /usr/bin/fail2ban-regex /var/log/dovecot.log /etc/fail2ban/filter.d/dovecot.conf Running
2009 May 11
4
Fail2Ban and the Dovecot log
Hi, Is there any way to disable the "dovecot: " at the beginning of each line of the log? Fail2Ban responds poorly to it. I know there are a number of sites with "failregex" strings for Fail2Ban and Dovecot, but I've tried them all, and they don't work, at least with the latest Fail2ban and the latest Dovecot. The Fail2Ban wiki is pretty clear about why there
2013 Oct 04
4
fail2ban
For dovecot 2.1 as per wiki2, is this still valid? noticed a problem before and saw it does seem to be triggering, I use: maxretry = 6 findtime = 600 bantime = 3600 and there was like, 2400 hits in 4 minutes, it is pointing to the correct log file, but I am no expert with fail2ban, so not sure if the log format of today is compatible with the wiki2 entry filter.d/dovecot.conf [Definition]
2017 Sep 11
3
Fail2ban 'Password mismatch' regex
I have turned on 'auth_debug_passwords=yes? in dovecot.conf. I?m trying to get Fail2ban to detect this log line: Sep 11 15:52:49 mail dovecot[54239]: auth-worker(10094): sql(user at bordo.com.au <mailto:user at bordo.com.au>,::1,<L2xqieNYeM4AAAAAAAAAAAAAAAAAAAAB>): Password mismatch (given password: 2) I?ve added it as the last line of my dovecot filter regex: failregex =
2017 Dec 16
7
ot: fail2ban dovecot setup
I'm trying to setup and test fail2ban with dovecot I've installed fail2ban, I've copied config from https://wiki2.dovecot.org/HowTo/Fail2Ban, and, trying to test it, attempted multiple mail access with wrong password, but, get this: # fail2ban-client status dovecot-pop3imap Status for the jail: dovecot-pop3imap |- Filter | |- Currently failed: 0 | |- Total failed: 0 | `- File
2017 Sep 11
2
Fail2ban 'Password mismatch' regex
> On 11 Sep 2017, at 5:10 pm, Christian Kivalo <ml+dovecot at valo.at> wrote: > > On 2017-09-11 08:57, James Brown wrote: >> I have turned on 'auth_debug_passwords=yes? in dovecot.conf. >> I?m trying to get Fail2ban to detect this log line: >> Sep 11 15:52:49 mail dovecot[54239]: auth-worker(10094): sql(user at bordo.com.au <mailto:user at
2011 Aug 09
3
fail2ban help
Hello list. I have a question for fail2ban for bad logins on sasl. I use sasl, sendmail and cyrus-imapd. In jail.conf I use the following syntax: [sasl-iptables] enabled = true filter = sasl backend = polling action = iptables[name=sasl, port=smtp, protocol=tcp] sendmail-whois[name=sasl, dest=my at email] logpath = /var/log/maillog maxretry = 6 and the following filter:
2019 Apr 09
1
Editing fail2ban page?
In https://wiki.dovecot.org/HowTo/Fail2Ban, for a current (I know for a fact in 2.2.36) I believe it should be filter = dovecot instead of filter = dovecot-pop3imap [root at mail ~]# ls -l /etc/fail2ban/filter.d/doveco* -rw-r--r-- 1 root root 1875 May 11 2017 /etc/fail2ban/filter.d/dovecot.conf [root at mail ~]#
2008 Jul 23
1
[Fwd: Re: fail2ban needs shorewall?]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've used denyhosts. If you do have an issue with fail2ban, it does pretty much the same thing. Andy - -------- Original Message -------- Subject: Re: [CentOS] fail2ban needs shorewall? Date: Wed, 23 Jul 2008 17:08:07 +0200 From: Kai Schaetzl <maillists at conactive.com> Reply-To: CentOS mailing list <centos at centos.org> To:
2013 Jul 14
1
Fail2ban and logging
Hello, Dovecot is logging authentication failures this way: ------ Jul 12 18:07:19 vps0 dovecot: imap-login: Disconnected (auth failed, 22 attempts in 172 secs): user=<info>, method=PLAIN, rip=82.95.148.152, lip=1.2.3.4, TLS, session=<QylMqlLhVwBSX5SY> ------ Fail2ban is trying to catch them with this regex: ------ failregex = .*(?:pop3-login|imap-login):.*(?:Authentication
2010 Jun 10
2
Fail2ban
I have fail2ban working for EVERYTHING else except dovecot. I have tried using my own custom regex in conjunction with the regex on the dovecot.org site. Neither are picked up by fail2ban and I'm trying to use an imminent attack agaist dovecot, going on now, to my advantage to see when I get the right regexp. Here are my current ones: failregex = .*dovecot: (?:pop3-login|imap-login):
2010 Aug 01
3
fail2ban does not work for my asterisk installation
The failregex statement in my jail.conf file is: * failregex* = NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong password NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer found NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch
2017 Mar 01
3
fail2ban Asterisk 13.13.1
Hello, fail2ban does not ban offending IP. NOTICE[29784] chan_sip.c: Registration from '"user3"<sip:1005 at asterisk-ip:5060>' failed for 'offending-IP:53417' - Wrong password NOTICE[29784] chan_sip.c: Registration from '"user3"<sip:1005 at asterisk-ip:5060>' failed for ?offending-IP:53911' - Wrong password systemctl status
2015 Sep 13
4
Fail2ban
Hello I'm using the Fail2ban. I configuration below. I want to try to prevent the continuous password. Fail2ban password that does not prevent this form. (Asterisk 1.8 / Elastix interface) What could be the problem ? Asterisk log; "Registration from '<sip:3060 at sip.x.eu;transport=UDP>' failed for 'x.x.x.x:32956' - Wrong password" Fail2ban asterisk
2017 Mar 02
3
fail2ban Asterisk 13.13.1
If this is a small site, I recommend you download the free version of SecAst (www.telium.ca <http://www.telium.ca> ) and replace fail2ban. SecAst does NOT use the log file, or regexes, to match etc.instead it talks to Asterisk through the AMI to extract security information. Messing with regexes is a losing battle, and the lag in reading logs can allow an attacker 100+ registration
2020 May 22
1
fail2ban setup centos 7 not picking auth fail?
I'm trying to set up fail2ban with dovecot, I have it working on 'old' server Centos 6, but, not getting anywhere with 'new' server on Centos 7 using standard filters I've copied same 'filter' to new server, still get nothing any idea how to figure this out ? on old server, it logs to syslog/messages CentOS release 6.10 (Final) dovecot 2.3.10.1 (a3d0e1171) old #
2013 Apr 10
3
fail2ban problem
Hello list I'm trying to setup fail2ban specially sasl action but I'm facing problems. I have centos-release-5-9.el5.centos.1 and fail2ban-0.8.7.1-1.el5.rf installed with selinux disabled The errors I get are: INFO Creating new jail 'sasl-iptables' fail2ban.comm : WARNING Invalid command: ['add', 'sasl-iptables', 'polling'] I tried gemin against
2015 Sep 14
2
Fail2ban
I solved the problem. "action.d/iptables-custom.conf" include only udp. service fail2ban restart Thank you. On Sun, Sep 13, 2015 at 9:17 PM, Andres <andres at telesip.net> wrote: > On 9/13/15 11:16 AM, Gokan Atmaca wrote: >> >> Hello >> >> I'm using the Fail2ban. I configuration below. I want to try to >> prevent the continuous password.
2015 Jan 08
4
SEMI OFF-TOPIC - Fail2ban
Hi list , someone on the list has seen this type of connection attempts in asterisk, fail2ban does not stop 2015-01-08 14:59:47] SECURITY[21515] res_security_log.c: SecurityEvent="ChallengeSent",EventTV="1420750787-386840",Severity="Informational",Service="SIP",EventVersion="1",AccountID="sip:100 at
2017 Jul 29
1
under another kind of attack
Hi to all, @Olaf Hopp I've this filter enabled for fail2ban, my question is: could my filters overlap or interfere with those suggested by you? this is my filter: Contents of /etc/fail2ban/jail.conf: [postfix] # Ban for 10 minutes if it fails 6 times within 10 minutes enabled = true port = smtp,ssmtp filter = postfix logpath = /var/log/mail.log maxretry = 6 bantime = 600