Bug#627139: mumble-server: murmurd doesn't include remote IP in password failure log message - needed for fail2ban
Patrick Matthäi
pmatthaei at debian.org
Sat Oct 1 08:37:47 UTC 2011
On 18.05.2011 00:40, Iain Georgeson wrote:
> Package: mumble-server
> Version: 1.2.2-6
> Severity: minor
> Tags: patch
>
> I like to use fail2ban to monitor any network service with login capability.
> I'm using an external authenticator to make murmurd auth against LDAP,
> so I want to be sure I'm not allowing an avenue for dictionary attacks
> against it.
>
> fail2ban needs to match a single log line which contains:
> * a date
> * an IP
> * some string which shows it's a login failure (e.g. /Wrong password for user/)
>
> murmurd doesn't include the IP in that log message so fail2ban can't get
> the information it needs. Did this to it:
>
>
> --- src/murmur/Messages.cpp.orig 2011-05-17 23:31:54.000000000 +0100
> +++ src/murmur/Messages.cpp 2011-05-17 22:27:41.000000000 +0100
> @@ -172,7 +172,9 @@
> }
>
> if (! ok) {
> - log(uSource, QString("Rejected connection: %1").arg(reason));
> + log(uSource, QString("Rejected connection from %1: %2").
> + arg(addressToString(uSource->peerAddress(),
> + uSource->peerPort()), reason));
> MumbleProto::Reject mpr;
> mpr.set_reason(u8(reason));
> mpr.set_type(rtType);
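Review bot: the replacement log() call changes the message text from "Rejected connection: <reason>" to "Rejected connection from <addr>: <reason>", so anything already matching the old string stops matching without notice; say so in the changelog entry, or keep the old prefix and append the address. Passing both values through the single two-argument arg(...) call is the right form, since the reason text is then not rescanned for placeholders, but the line break after the trailing "." reads awkwardly; start the continuation line with ".arg(" instead. The address is logged together with peerPort(), so every consumer has to account for the ":port" suffix, as the failregex further down does with ":\d+".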
>
>
> My fail2ban setup now looks like
>
> jail.local:
> [mumble-server]
>
> enabled = true
> port = 64738
> filter = mumble-server
> logpath = /var/log/mumble-server/mumble-server.log
>
>
> filter.d/mumble-server.conf:
> failregex = ^\<W\>.*Rejected connection from <HOST>:\d+: Wrong password for user$
Would you be so kind as to send the patch upstream on GitHub?
--
/*
Mit freundlichem Gruß / With kind regards,
Patrick Matthäi
GNU/Linux Debian Developer
E-Mail: pmatthaei at debian.org
patrick at linux-dev.org
*/
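
The filter quoted above, checked against sample log lines. This is an added example, not part of the original message or of fail2ban or Mumble. The log lines are constructed, the timestamp/session prefix layout is an assumption, and `HOST_GROUP` is a simplified IPv4-only stand-in for fail2ban's own `<HOST>` expansion.

```python
import re
from collections import Counter

# failregex exactly as given in the bug report; fail2ban expands <HOST> itself.
FAILREGEX = r"^\<W\>.*Rejected connection from <HOST>:\d+: Wrong password for user$"

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> expansion.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Constructed log lines. Line 1 is the pre-patch format (no address), line 6 is
# a rejection for another reason, line 7 is an unrelated informational line.
SAMPLE_LOG = """\
<W>2011-05-17 22:27:41.101 1 => <1:(-1)> Rejected connection: Wrong password for user
<W>2011-05-17 22:28:02.554 1 => <2:(-1)> Rejected connection from 192.0.2.10:51234: Wrong password for user
<W>2011-05-17 22:28:05.210 1 => <3:(-1)> Rejected connection from 192.0.2.10:51236: Wrong password for user
<W>2011-05-17 22:28:09.873 1 => <4:(-1)> Rejected connection from 198.51.100.7:40022: Wrong password for user
<W>2011-05-17 22:28:11.002 1 => <5:(-1)> Rejected connection from 192.0.2.10:51239: Wrong password for user
<W>2011-05-17 22:28:15.640 1 => <6:(-1)> Rejected connection from 192.0.2.10:51240: Server is full
<1>2011-05-17 22:28:20.118 1 => <7:(-1)> New connection: 203.0.113.5:33010
"""


def compile_failregex(failregex=FAILREGEX):
    """Substitute the <HOST> tag and compile the pattern."""
    return re.compile(failregex.replace("<HOST>", HOST_GROUP))


def failed_hosts(log_text):
    """Count password failures per source address, one log line at a time."""
    pattern = compile_failregex()
    hits = Counter()
    for line in log_text.splitlines():
        m = pattern.match(line)
        if m:
            hits[m.group("host")] += 1
    return hits


def hosts_to_ban(log_text, maxretry=3):
    """Addresses with at least maxretry failures (maxretry value is assumed)."""
    return sorted(h for h, n in failed_hosts(log_text).items() if n >= maxretry)


if __name__ == "__main__":
    print(dict(failed_hosts(SAMPLE_LOG)))
    print(hosts_to_ban(SAMPLE_LOG))
```

The pre-patch line never matches because it carries no address, which is the gap the report describes.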