Hi All,
I was trying to set up the fail2ban on centos 6 for our SOGO server. I
have enabled the rule in jail.local file. But it does not block any ip
if anyone attempt to login with wrong password. Can you help me in that?
Below is the entry of jail.local and filter file.
*-- jail.local*
================================================================
[sogo-iptables]
enabled = true
filter = sogo-auth
# without proxy this would be:
# port = 20000
action = iptables-multiport[name=SOGo, port="http,https"]
logpath = /var/log/sogo/sogo.log
================================================================
*-- **sogo-auth.conf*
================================================================
# Fail2ban filter for SOGo authentcation
#
# Log file usually in /var/log/sogo/sogo.log
[Definition]
failregex = ^ sogod \[\d+\]: SOGoRootPage Login from '<HOST>' for user
'.*' might not have worked( - password policy: \d* grace: -?\d*
expire: -?\d* bound: -?\d*)?\s*$
ignoreregex =
#
# DEV Notes:
#
# The error log may contain multiple hosts, whereas the first one
# is the client and all others are poxys. We match the first one, only
#
# Author: Arnd Brandes
================================================================
Thanks,
--
Kamaldeep Singh
System Administrator
Direct: +91 124 4548380
Tel: +91 124 4548383 Ext- 1007
UK: +44 845 0047 142 Ext- 5010
TBS Website <http://www.techbluesoftware.co.in>
Techblue Software Pvt. Ltd
The Palms, Plot No 73, Sector 5, IMT Manesar,
Gurgaon- 122050 (Hr.)
www.techbluesoftware.co.in <http://www.techbluesoftware.co.in>
TBS Facebook
<https://www.facebook.com/pages/Techblue-Software-Limited/441777369284888>
TBS Twitter <https://twitter.com/TechbluSoftware> TBS Google+
<https://plus.google.com/+TechblueSoftwareCoIn> TBS Linked In
<https://www.linkedin.com/company/techblue-softwares-pvt-ltd>
TBS Branding <http://www.techbluesoftware.co.in>
--
users@sogo.nu
https://inverse.ca/sogo/lists
