2007-08-08 22:21:15 +00:00
|
|
|
# Fail2Ban configuration file for named (bind9). Trying to generalize the
|
|
|
|
# structure which is general to capture general patterns in log
|
|
|
|
# lines to cover different configurations/distributions
|
|
|
|
#
|
|
|
|
# Author: Yaroslav Halchenko
|
|
|
|
#
|
2011-11-18 15:10:45 +00:00
|
|
|
# $Revision$
|
2007-08-08 22:21:15 +00:00
|
|
|
#
|
|
|
|
|
|
|
|
[Definition]
|
|
|
|
|
2008-03-06 01:19:06 +00:00
|
|
|
#
|
|
|
|
# Daemon name
|
2007-08-08 22:21:15 +00:00
|
|
|
_daemon=named
|
|
|
|
|
|
|
|
#
|
|
|
|
# Shortcuts for easier comprehension of the failregex
|
|
|
|
__pid_re=(?:\[\d+\])
|
|
|
|
__daemon_re=\(?%(_daemon)s(?:\(\S+\))?\)?:?
|
|
|
|
__daemon_combs_re=(?:%(__pid_re)s?:\s+%(__daemon_re)s|%(__daemon_re)s%(__pid_re)s?:)
|
|
|
|
# hostname daemon_id spaces
|
|
|
|
# this can be optional (for instance if we match named native log files)
|
|
|
|
__line_prefix=(?:\s\S+ %(__daemon_combs_re)s\s+)?
|
|
|
|
|
|
|
|
# Option: failregex
|
|
|
|
# Notes.: regex to match the password failures messages in the logfile.
|
|
|
|
# Values: TEXT
|
|
|
|
#
|
2009-02-09 20:27:35 +00:00
|
|
|
failregex = %(__line_prefix)sclient <HOST>#.+: query(?: \(cache\))? '.*' denied\s*$
|
2007-08-08 22:21:15 +00:00
|
|
|
|
2008-07-21 14:13:13 +00:00
|
|
|
# Option: ignoreregex
|
|
|
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
|
|
|
# Values: TEXT
|
|
|
|
#
|
|
|
|
ignoreregex =
|