"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "config/filter.d/dovecot.conf" between
fail2ban-0.10.3.1.tar.gz and fail2ban-0.10.4.tar.gz

About: fail2ban scans log files and bans (via firewall rules) IP-addresses that makes too many access failures. It updates firewall rules to reject the IP address. Experimental version.

dovecot.conf  (fail2ban-0.10.3.1):dovecot.conf  (fail2ban-0.10.4)
skipping to change at line 15 skipping to change at line 15
before = common.conf before = common.conf
[Definition] [Definition]
_auth_worker = (?:dovecot: )?auth(?:-worker)? _auth_worker = (?:dovecot: )?auth(?:-worker)?
_daemon = (?:dovecot(?:-auth)?|auth) _daemon = (?:dovecot(?:-auth)?|auth)
prefregex = ^%(__prefix_line)s(?:%(_auth_worker)s(?:\([^\)]+\))?: )?(?:%(__pam_a uth)s(?:\(dovecot:auth\))?: |(?:pop3|imap)-login: )?(?:Info: )?<F-CONTENT>.+</F- CONTENT>$ prefregex = ^%(__prefix_line)s(?:%(_auth_worker)s(?:\([^\)]+\))?: )?(?:%(__pam_a uth)s(?:\(dovecot:auth\))?: |(?:pop3|imap)-login: )?(?:Info: )?<F-CONTENT>.+</F- CONTENT>$
failregex = ^authentication failure; logname=\S* uid=\S* euid=\S* tty=dovecot ru failregex = ^authentication failure; logname=<F-ALT_USER1>\S*</F-ALT_USER1> uid=
ser=\S* rhost=<HOST>(?:\s+user=\S*)?\s*$ \S* euid=\S* tty=dovecot ruser=<F-USER>\S*</F-USER> rhost=<HOST>(?:\s+user=<F-AL
^(?:Aborted login|Disconnected)(?::(?: [^ \(]+)+)? \((?:auth failed, T_USER>\S*</F-ALT_USER>)?\s*$
\d+ attempts(?: in \d+ secs)?|tried to use (?:disabled|disallowed) \S+ auth)\): ^(?:Aborted login|Disconnected)(?::(?: [^ \(]+)+)? \((?:auth failed,
(?: user=<[^>]*>,)?(?: method=\S+,)? rip=<HOST>(?:[^>]*(?:, session=<\S+>)?)\s*$ \d+ attempts(?: in \d+ secs)?|tried to use (?:disabled|disallowed) \S+ auth|pro
xy dest auth failed)\):(?: user=<<F-USER>[^>]*</F-USER>>,)?(?: method=\S+,)? rip
=<HOST>(?:[^>]*(?:, session=<\S+>)?)\s*$
^pam\(\S+,<HOST>(?:,\S*)?\): pam_authenticate\(\) failed: (?:User no t known to the underlying authentication module: \d+ Time\(s\)|Authentication fa ilure \(password mismatch\?\)|Permission denied)\s*$ ^pam\(\S+,<HOST>(?:,\S*)?\): pam_authenticate\(\) failed: (?:User no t known to the underlying authentication module: \d+ Time\(s\)|Authentication fa ilure \(password mismatch\?\)|Permission denied)\s*$
^[a-z\-]{3,15}\(\S*,<HOST>(?:,\S*)?\): (?:unknown user|invalid crede ntials)\s*$ ^[a-z\-]{3,15}\(\S*,<HOST>(?:,\S*)?\): (?:unknown user|invalid crede ntials|Password mismatch)\s*$
<mdre-<mode>> <mdre-<mode>>
mdre-aggressive = ^(?:Aborted login|Disconnected)(?::(?: [^ \(]+)+)? \((?:no aut h attempts|disconnected before auth was ready,|client didn't finish \S+ auth,)(? : (?:in|waited) \d+ secs)?\):(?: user=<[^>]*>,)?(?: method=\S+,)? rip=<HOST>(?:[ ^>]*(?:, session=<\S+>)?)\s*$ mdre-aggressive = ^(?:Aborted login|Disconnected)(?::(?: [^ \(]+)+)? \((?:no aut h attempts|disconnected before auth was ready,|client didn't finish \S+ auth,)(? : (?:in|waited) \d+ secs)?\):(?: user=<[^>]*>,)?(?: method=\S+,)? rip=<HOST>(?:[ ^>]*(?:, session=<\S+>)?)\s*$
mdre-normal = mdre-normal =
# Parameter `mode` - `normal` or `aggressive`. # Parameter `mode` - `normal` or `aggressive`.
# Aggressive mode can be used to match log-entries like: # Aggressive mode can be used to match log-entries like:
# 'no auth attempts', 'disconnected before auth was ready', 'client didn't fin ish SASL auth'. # 'no auth attempts', 'disconnected before auth was ready', 'client didn't fin ish SASL auth'.
# Note it may produce lots of false positives on misconfigured MTAs. # Note it may produce lots of false positives on misconfigured MTAs.
 End of changes. 2 change blocks. 
6 lines changed or deleted 8 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)