2008-03-10 22:03:34 +00:00
|
|
|
# Fail2Ban configuration file for generic PAM authentication errors
|
|
|
|
#
|
2013-10-30 13:02:59 +00:00
|
|
|
|
2013-09-17 00:50:46 +00:00
|
|
|
[INCLUDES]
|
|
|
|
|
|
|
|
before = common.conf
|
2008-03-10 22:03:34 +00:00
|
|
|
|
|
|
|
[Definition]
|
|
|
|
|
2013-10-30 13:02:59 +00:00
|
|
|
# if you want to catch only login errors from specific daemons, use something like
|
2008-03-10 22:03:34 +00:00
|
|
|
#_ttys_re=(?:ssh|pure-ftpd|ftp)
|
2013-10-30 13:02:59 +00:00
|
|
|
#
|
|
|
|
# Default: catch all failed logins
|
2008-03-10 22:03:34 +00:00
|
|
|
_ttys_re=\S*
|
|
|
|
|
2015-01-27 21:34:27 +00:00
|
|
|
__pam_re=\(?%(__pam_auth)s(?:\(\S+\))?\)?:?
|
2013-09-17 00:50:46 +00:00
|
|
|
_daemon = \S+
|
2008-03-10 22:03:34 +00:00
|
|
|
|
2018-03-20 15:00:21 +00:00
|
|
|
prefregex = ^%(__prefix_line)s%(__pam_re)s\s+authentication failure;(?:\s+(?:(?:logname|e?uid)=\S*)){0,3} tty=%(_ttys_re)s <F-CONTENT>.+</F-CONTENT>$
|
2017-02-20 15:42:51 +00:00
|
|
|
|
2018-03-20 08:09:42 +00:00
|
|
|
failregex = ^ruser=<F-ALT_USER>(?:\S*|.*?)</F-ALT_USER> rhost=<HOST>(?:\s+user=<F-USER>(?:\S*|.*?)</F-USER>)?\s*$
|
2013-09-17 00:50:46 +00:00
|
|
|
|
2013-10-30 13:02:59 +00:00
|
|
|
ignoreregex =
|
|
|
|
|
2018-03-20 15:00:21 +00:00
|
|
|
datepattern = {^LN-BEG}
|
|
|
|
|
2013-10-30 13:02:59 +00:00
|
|
|
# DEV Notes:
|
|
|
|
#
|
|
|
|
# for linux-pam before 0.99.2.0 (late 2005) (removed before 0.8.11 release)
|
2013-09-17 00:50:46 +00:00
|
|
|
# _daemon = \S*\(?pam_unix\)?
|
|
|
|
# failregex = ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=%(_ttys_re)s ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
|
2008-05-21 22:17:00 +00:00
|
|
|
#
|
2013-10-30 13:02:59 +00:00
|
|
|
# Author: Yaroslav Halchenko
|