fail2ban/config/filter.d/proftpd.conf

# Fail2Ban fitler for the Proftpd FTP daemon
#

[INCLUDES]

before = common.conf

[Definition]

_daemon = proftpd

__suffix_failed_login = (User not authorized for login|No such user found|Incorrect password|Password expired|Account disabled|Invalid shell: '\S+'|User in \S+|Limit (access|configuration) denies login|Not a UserAlias|maximum login length exceeded).?

failregex = ^%(__prefix_line)s%(__hostname)s \(\S+\[<HOST>\]\)[: -]+ USER .*: no such user found from \S+ \[\S+\] to \S+:\S+ *$
            ^%(__prefix_line)s%(__hostname)s \(\S+\[<HOST>\]\)[: -]+ USER .* \(Login failed\): %(__suffix_failed_login)s\s*$
            ^%(__prefix_line)s%(__hostname)s \(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: .* login attempted\. *$
            ^%(__prefix_line)s%(__hostname)s \(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded *$

ignoreregex = 

# Author: Yaroslav Halchenko
#         Daniel Black - hardening of regex
DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-30 13:02:59 +00:00			`# Fail2Ban fitler for the Proftpd FTP daemon`
added sections for sasl and proftpd authentications git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@402 a942ae1a-1317-0410-a47c-b1dcaea8d605 2006-10-02 13:42:36 +00:00			`#`
ENH: proftp regex hardening and log messages 2013-06-13 12:11:05 +00:00
			`[INCLUDES]`

			`before = common.conf`

added sections for sasl and proftpd authentications git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@402 a942ae1a-1317-0410-a47c-b1dcaea8d605 2006-10-02 13:42:36 +00:00			`[Definition]`

BF: fix daemon name typo for filter proftpd 2013-09-17 21:32:26 +00:00			`_daemon = proftpd`
ENH: Improve proftpd regex. Taken from @yarikoptic comment: https://github.com/fail2ban/fail2ban/pull/303#discussion_r5687500 2013-08-09 17:54:08 +00:00
ENH: Minor tweak on previous commit proftpd regex changes 2013-08-09 18:04:26 +00:00			`__suffix_failed_login = (User not authorized for login\|No such user found\|Incorrect password\|Password expired\|Account disabled\|Invalid shell: '\S+'\|User in \S+\|Limit (access\|configuration) denies login\|Not a UserAlias\|maximum login length exceeded).?`
BF: fix daemon name typo for filter proftpd 2013-09-17 21:32:26 +00:00
ENH: Tweak proftpd regex and add sample logs Needed to add optional ":" post __pid_re, and for consistency, decided to make use of __prefix_line instead which includes this. 2013-07-21 21:03:49 +00:00			`failregex = ^%(__prefix_line)s%(__hostname)s \(\S+\[<HOST>\]\)[: -]+ USER .: no such user found from \S+ \[\S+\] to \S+:\S+ $`
ENH: Improve proftpd regex. Taken from @yarikoptic comment: https://github.com/fail2ban/fail2ban/pull/303#discussion_r5687500 2013-08-09 17:54:08 +00:00			`^%(__prefix_line)s%(__hostname)s \(\S+\[<HOST>\]\)[: -]+ USER .* \(Login failed\): %(__suffix_failed_login)s\s*$`
ENH: Tweak proftpd regex and add sample logs Needed to add optional ":" post __pid_re, and for consistency, decided to make use of __prefix_line instead which includes this. 2013-07-21 21:03:49 +00:00			`^%(__prefix_line)s%(__hostname)s \(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: .* login attempted\. *$`
			`^%(__prefix_line)s%(__hostname)s \(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded *$`
- Added option "ignoreregex" in filter scripts and jail.conf. Feature Request #1283304 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@458 a942ae1a-1317-0410-a47c-b1dcaea8d605 2006-11-12 14:52:36 +00:00
- Defined default values in .conf. Should fix Debian bug #398758 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@464 a942ae1a-1317-0410-a47c-b1dcaea8d605 2006-11-15 18:44:28 +00:00			`ignoreregex =`
DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-30 13:02:59 +00:00
			`# Author: Yaroslav Halchenko`
			`# Daniel Black - hardening of regex`