2012-01-26 22:33:01 +00:00
|
|
|
# Fail2Ban configuration file
|
|
|
|
#
|
|
|
|
# Author: Tom Hendrikx, modifications by Amir Caspi
|
|
|
|
#
|
|
|
|
# This filter monitors the fail2ban log file, and enables you to add long
|
|
|
|
# time bans for ip addresses that get banned by fail2ban multiple times.
|
|
|
|
# Reasons to use this: block very persistent attackers for a longer time,
|
|
|
|
# stop receiving email notifications about the same attacker over and
|
|
|
|
# over again.
|
|
|
|
#
|
|
|
|
# This jail is only useful if you set the 'findtime' and 'bantime' parameters
|
|
|
|
# in jail.conf to a higher value than the other jails. Also, this jail has its
|
|
|
|
# drawbacks, namely in that it works only with iptables, or if you use a
|
|
|
|
# different blocking mechanism for this jail versus others (e.g. hostsdeny
|
|
|
|
# for most jails, and shorewall for this one).
|
|
|
|
#
|
|
|
|
|
|
|
|
[Definition]
|
|
|
|
|
|
|
|
# The name of the jail that this filter is used for. In jail.conf, name the
|
|
|
|
# jail using this filter 'recidive', or change this line!
|
|
|
|
_jailname = recidive
|
|
|
|
|
|
|
|
# Option: failregex
|
|
|
|
# Notes.: regex to match the password failures messages in the logfile. The
|
|
|
|
# host must be matched by a group named "host". The tag "<HOST>" can
|
|
|
|
# be used for standard IP/hostname matching and is only an alias for
|
|
|
|
# (?:::f{4,6}:)?(?P<host>\S+)
|
|
|
|
# Values: TEXT
|
|
|
|
#
|
2012-01-27 04:28:44 +00:00
|
|
|
failregex = fail2ban.actions:\s+WARNING\s+\[(?:.*)\]\s+Ban\s+<HOST>
|
2012-01-26 22:33:01 +00:00
|
|
|
|
|
|
|
# Option: ignoreregex
|
|
|
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
|
|
|
# Values: TEXT
|
|
|
|
#
|
|
|
|
# Ignore our own bans, to keep our counts exact.
|
|
|
|
ignoreregex = fail2ban.actions:\s+WARNING\s+\[%(_jailname)s\]\s+Ban\s+<HOST>
|