fail2ban/config/filter.d/pam-generic.conf

# Fail2Ban configuration file for generic PAM authentication errors
#

[INCLUDES]

before = common.conf

[Definition]

# if you want to catch only login errors from specific daemons, use something like
#_ttys_re=(?:ssh|pure-ftpd|ftp)
#
# Default: catch all failed logins
_ttys_re=\S*

__pam_re=\(?pam_unix(?:\(\S+\))?\)?:?
_daemon = \S+

failregex = ^%(__prefix_line)s%(__pam_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=%(_ttys_re)s ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$

ignoreregex = 

# DEV Notes:
#
# for linux-pam before 0.99.2.0 (late 2005) (removed before 0.8.11 release)
# _daemon = \S*\(?pam_unix\)?
# failregex = ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=%(_ttys_re)s ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
#
# Author: Yaroslav Halchenko
- Added "pam-generic" filter and more configuration fixes. Thanks to Yaroslav Halchenko. git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@677 a942ae1a-1317-0410-a47c-b1dcaea8d605 2008-03-10 22:03:34 +00:00			`# Fail2Ban configuration file for generic PAM authentication errors`
			`#`
DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-30 13:02:59 +00:00
ENH: added syslog prefix to pam-generic filter. Disable regex match for pre 2006 (< 0.99.2.0) versions on linux-pam 2013-09-17 00:50:46 +00:00			`[INCLUDES]`

			`before = common.conf`
- Added "pam-generic" filter and more configuration fixes. Thanks to Yaroslav Halchenko. git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@677 a942ae1a-1317-0410-a47c-b1dcaea8d605 2008-03-10 22:03:34 +00:00
			`[Definition]`

DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-30 13:02:59 +00:00			`# if you want to catch only login errors from specific daemons, use something like`
- Added "pam-generic" filter and more configuration fixes. Thanks to Yaroslav Halchenko. git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@677 a942ae1a-1317-0410-a47c-b1dcaea8d605 2008-03-10 22:03:34 +00:00			`#_ttys_re=(?:ssh\|pure-ftpd\|ftp)`
DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-30 13:02:59 +00:00			`#`
			`# Default: catch all failed logins`
- Added "pam-generic" filter and more configuration fixes. Thanks to Yaroslav Halchenko. git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@677 a942ae1a-1317-0410-a47c-b1dcaea8d605 2008-03-10 22:03:34 +00:00			`_ttys_re=\S*`

			`__pam_re=\(?pam_unix(?:\(\S+\))?\)?:?`
ENH: added syslog prefix to pam-generic filter. Disable regex match for pre 2006 (< 0.99.2.0) versions on linux-pam 2013-09-17 00:50:46 +00:00			`_daemon = \S+`
- Added "pam-generic" filter and more configuration fixes. Thanks to Yaroslav Halchenko. git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@677 a942ae1a-1317-0410-a47c-b1dcaea8d605 2008-03-10 22:03:34 +00:00
ENH: added syslog prefix to pam-generic filter. Disable regex match for pre 2006 (< 0.99.2.0) versions on linux-pam 2013-09-17 00:50:46 +00:00			`failregex = ^%(__prefix_line)s%(__pam_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=%(_ttys_re)s ruser=\S* rhost=<HOST>(?:\s+user=.)?\s$`

DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-30 13:02:59 +00:00			`ignoreregex =`

			`# DEV Notes:`
			`#`
			`# for linux-pam before 0.99.2.0 (late 2005) (removed before 0.8.11 release)`
ENH: added syslog prefix to pam-generic filter. Disable regex match for pre 2006 (< 0.99.2.0) versions on linux-pam 2013-09-17 00:50:46 +00:00			`# _daemon = \S*\(?pam_unix\)?`
			`# failregex = ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=%(_ttys_re)s ruser=\S* rhost=<HOST>(?:\s+user=.)?\s$`
- Added missing ignoreregex to filters. Thanks to Klaus Lehmann. git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@699 a942ae1a-1317-0410-a47c-b1dcaea8d605 2008-05-21 22:17:00 +00:00			`#`
DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-30 13:02:59 +00:00			`# Author: Yaroslav Halchenko`