Hi,
I've installed fail2ban contrib on a 9.1 server with SOGo. When I test the SOGo authentication (intentionally wrong credentials), fail2ban does not 'kick in', although I can see the login attempts in the SOGo log file (100 false attempts).
Any hints please?
[root@sl01 fail2ban]# fail2ban-regex /var/log/sogo/sogo.log /etc/fail2ban/filter.d/sogo-auth.conf
Running tests
=============
Use failregex filter file : sogo-auth, basedir: /etc/fail2ban
Use log file : /var/log/sogo/sogo.log
Use encoding : UTF-8
Results
=======
Failregex: 100 total
|- #) [# of hits] regular expression
| 1) [100] ^ sogod \[\d+\]: SOGoRootPage Login from '<HOST>' for user '.*' might not have worked( - password policy: \d* grace: -?\d* expire: -?\d* bound: -?\d*)?\s*$
`-
Ignoreregex: 0 total