View Single Post
  #7  
Old 9th September 2012, 21:06
phry phry is offline
Junior Member
 
Join Date: Sep 2012
Posts: 5
Thanks: 0
Thanked 4 Times in 2 Posts
Default

And here's the final code if anyone wants to do the same:

~ispconfig/interface/lib/plugins/login_fail2ban_plugin.inc.php
PHP Code:
class login_fail2ban_plugin {

        var 
$plugin_name 'login_fail2ban_plugin';
        var 
$class_name  'login_fail2ban_plugin';

        
/*
                This function is called when the plugin is loaded
        */

        
function onLoad() {
                global 
$app;
                
/*
                Register for the events
                */

                
$app->plugin->registerEvent('login_failed',$this->plugin_name,'log_fail');

        }

        function 
log_fail($event_name,$data) {
                
openlog("ispconfig"LOG_PID LOG_PERRORLOG_LOCAL0);
                
syslog(LOG_WARNING"Login failed for user ".$_POST['username']." on IP ".$_SERVER['REMOTE_ADDR']);
        }




// end class 
/etc/rsyslog.d/12-ispconfig.conf
Code:
if $programname == 'ispconfig' then /var/log/ispconfig.log
restart rsyslog
Code:
service rsyslog restart
/etc/fail2ban/filter.d/ispconfig.conf
Code:
[Definition]
failregex = (.*) Login failed for user (.*) on IP <HOST>
ignoreregex =

test it
Code:
fail2ban-regex /var/log/ispconfig.log /etc/fail2ban/filter.d/ispconfig.conf
and add a jail to your /etc/fail2ban/jail.conf:
Code:
[ispconfig]
enabled  = true
port     = http,https
filter   = ispconfig
logpath  = /var/log/ispconfig.log
restart fail2ban

Code:
service fail2ban restart
and be happy

Last edited by phry; 10th September 2012 at 00:01.
Reply With Quote