Integrate with CSF or Fail2ban
For easy and secure admin I think it is good to implement that.
This has already been available for some time. A how-to is here: https://www.axigen.com/articles/fail2ban-linux-brute-force-attack-protection_82.html
NB: There's also a Windows integration: https://www.axigen.com/articles/rdpguard-windows-brute-force-attack-protection_84.html
-
PeterJ commented
Just to update.
    if (($globlogs{CUSTOM9_LOG}{$lgfile}) and ($line =~ /^.* SECURITY[:].*[;].*[;](\S+)[;].*[;]OP_FAIL[;](\S+)[;](.*)/)) {
        return ("Failed Axigen login '$2' error '$3 ' from",$1,"AXImatch","5","25,80,110,143,443,465,587,993,995","18000")
    }
is the correct way to add to the CSF regex file.
-
PeterJ commented
Hey Ioan,
Just a quick one, I've read that post but it doesn't seem to work for my server. Here is an example of my log.
2016-09-09 22:40:28 +0100 02 ubuntu-Server SECURITY:SMTP-IN;0000032F;201.161.16.51;4883;OP_FAIL;postgres@domainname.com;;Authentication error; Account not found locally
What would I have to change to get the regex to work correctly? I'm a bit new to all this.
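An added example, not part of the original thread and not Axigen or CSF code: a Python check of the pattern from the CSF rule posted above against the log line in this post, next to a stricter pattern that bounds every field. The stricter layout is an assumption inferred from that single log line, every sample line after the first is constructed, and the default threshold of 5 assumes the "5" in the rule is its trigger count.

```python
import ipaddress
import re
from collections import Counter

# Python translation of the pattern in the CSF rule posted in this thread.
THREAD_RE = re.compile(
    r"^.* SECURITY[:].*[;].*[;](\S+)[;].*[;]OP_FAIL[;](\S+)[;](.*)")

# Stricter variant (assumption, inferred from the one log line in the thread):
# each ';'-separated field is bounded, so a value cannot spill into the next.
STRICT_RE = re.compile(
    r"^\S+ \S+ \S+ \S+ \S+ SECURITY:(?P<service>[^;\s]+);(?P<session>[^;]*);"
    r"(?P<ip>[^;\s]+);(?P<port>\d+);OP_FAIL;"
    r"(?P<account>[^;]*);(?P<extra>[^;]*);(?P<error>.*)$")

# First line is the one quoted in the thread; all others are constructed.
SAMPLE_LOG = [
    "2016-09-09 22:40:28 +0100 02 ubuntu-Server SECURITY:SMTP-IN;0000032F;"
    "201.161.16.51;4883;OP_FAIL;postgres@domainname.com;;"
    "Authentication error; Account not found locally",
] + [
    f"2016-09-09 22:40:{30 + i} +0100 02 ubuntu-Server SECURITY:SMTP-IN;"
    f"0000033{i};203.0.113.7;5000{i};OP_FAIL;admin@example.test;;"
    "Authentication error; Account not found locally"
    for i in range(5)
] + [
    "2016-09-09 22:41:00 +0100 02 ubuntu-Server SECURITY:SMTP-IN;00000340;"
    "not-an-ip;50010;OP_FAIL;x@example.test;;Authentication error",
]

def parse_fail(line):
    """Return the fields of an OP_FAIL line, or None if it does not parse."""
    m = STRICT_RE.match(line)
    if not m:
        return None
    try:
        ip = str(ipaddress.ip_address(m["ip"]))  # only a real IP may be blocked
    except ValueError:
        return None
    return {"ip": ip, "service": m["service"],
            "account": m["account"], "error": m["error"]}

def offenders(lines, trigger=5):
    """Sorted IPs with at least `trigger` failed logins in `lines`."""
    hits = Counter(rec["ip"] for rec in map(parse_fail, lines) if rec)
    return sorted(ip for ip, n in hits.items() if n >= trigger)

if __name__ == "__main__":
    print(THREAD_RE.match(SAMPLE_LOG[0]).groups())
    print(parse_fail(SAMPLE_LOG[0]), offenders(SAMPLE_LOG))
```

On the thread's log line the posted pattern returns the right IP, but its second group comes back as "postgres@domainname.com;" because \S+ also matches semicolons; the bounded version returns the account without it.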
-
Ioan commented
Details of the integration with fail2ban can be found in this thread [1].
I'll check about integration details with CSF and, if possible, post an update.