Koozali.org: home of the SME Server

Obsolete Releases => SME 9.x Contribs => Topic started by: guest22 on June 11, 2016, 07:11:32 AM

Title: Fail2ban not working?
Post by: guest22 on June 11, 2016, 07:11:32 AM

Hi,


I've installed fail2ban contrib on a 9.1 server with sogo. When I test the Sogo authentication (intentionally wrong credentials) fail2ban does not 'kick in', although I can see the login attempts in the sogo log file (100 false attemps).


Any hints please?


 [root@sl01 fail2ban]# fail2ban-regex /var/log/sogo/sogo.log /etc/fail2ban/filter.d/sogo-auth.conf


Running tests
=============


Use   failregex filter file : sogo-auth, basedir: /etc/fail2ban
Use         log file : /var/log/sogo/sogo.log
Use         encoding : UTF-8




Results
=======


Failregex: 100 total
|-  #) [# of hits] regular expression
|   1) [100] ^ sogod \[\d+\]: SOGoRootPage Login from '<HOST>' for user '.*' might not have worked( - password policy: \d*  grace: -?\d*  expire: -?\d*  bound: -?\d*)?\s*$
`-


Ignoreregex: 0 total

Title: Re: Fail2ban not working?
Post by: Daniel B. on June 12, 2016, 10:02:04 AM

Are you trying your wrong logins from the local network ?

Title: Re: Fail2ban not working?
Post by: guest22 on June 12, 2016, 10:02:42 AM

Quote from: Daniel B. on June 12, 2016, 10:02:04 AM

Are you trying your wrong logins from the local network ?

No...