2006-07-17 19:26:14 +00:00
|
|
|
# Fail2Ban configuration file
|
|
|
|
|
#
|
|
|
|
|
# Author: Cyril Jaquier
|
|
|
|
|
#
|
|
|
|
|
# $Revision$
|
|
|
|
|
#
|
|
|
|
|
|
2006-07-16 21:35:08 +00:00
|
|
|
[Definition]
|
2006-06-26 20:05:00 +00:00
|
|
|
|
2006-07-16 21:35:08 +00:00
|
|
|
# Option: maxretry
|
|
|
|
|
# Notes.: number of failures before IP gets banned.
|
|
|
|
|
# Values: NUM Default: 5
|
|
|
|
|
#
|
|
|
|
|
maxretry = 5
|
2006-06-26 20:05:00 +00:00
|
|
|
|
|
|
|
|
# Option: logpath
|
|
|
|
|
# Notes.: logfile to monitor.
|
|
|
|
|
# Values: FILE Default: /var/log/secure
|
|
|
|
|
#
|
2006-07-16 21:35:08 +00:00
|
|
|
logpath = /var/log/secure
|
2006-06-26 20:05:00 +00:00
|
|
|
|
|
|
|
|
# Option: timeregex
|
|
|
|
|
# Notes.: regex to match timestamp in SSH logfile. For TAI64N format,
|
|
|
|
|
# use timeregex = @[0-9a-f]{24}
|
|
|
|
|
# Values: [Mar 7 17:53:28]
|
|
|
|
|
# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
|
|
|
|
|
#
|
|
|
|
|
timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
|
|
|
|
|
|
|
|
|
|
# Option: timepattern
|
|
|
|
|
# Notes.: format used in "timeregex" fields definition. Note that '%' must be
|
|
|
|
|
# escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule).
|
|
|
|
|
# For TAI64N format, use timepattern = tai64n
|
|
|
|
|
# Values: TEXT Default: %%b %%d %%H:%%M:%%S
|
|
|
|
|
#
|
|
|
|
|
timepattern = %%b %%d %%H:%%M:%%S
|
|
|
|
|
|
|
|
|
|
# Option: failregex
|
|
|
|
|
# Notes.: regex to match the password failures messages in the logfile.
|
|
|
|
|
# Values: TEXT Default: Authentication failure|Failed password|Invalid user
|
|
|
|
|
#
|
2006-08-06 22:14:34 +00:00
|
|
|
failregex = (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)
|
2006-06-26 20:05:00 +00:00
|
|
|
|
