fail2ban/config/filter.d/xinetd-fail.conf

# Fail2Ban filter for xinetd failures
#
# Cfr.: /var/log/(daemon\.|sys)log
#
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

_daemon = xinetd

prefregex = ^%(__prefix_line)sFAIL: <F-CONTENT>.+</F-CONTENT>$

failregex = ^\S+ address from=<HOST>$
            ^\S+ libwrap from=<HOST>$

ignoreregex = 

# DEV Notes:
#
# libwrap => tcp wrappers: hosts.(allow|deny)
# address => xinetd: deny_from|only_from
#
# Author: Guido Bozzetto
DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-30 13:02:59 +00:00			`# Fail2Ban filter for xinetd failures`
- Fixed Debian bug #461426 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@667 a942ae1a-1317-0410-a47c-b1dcaea8d605 2008-03-05 22:35:09 +00:00			`#`
DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-30 13:02:59 +00:00			`# Cfr.: /var/log/(daemon\.\|sys)log`
- Fixed Debian bug #461426 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@667 a942ae1a-1317-0410-a47c-b1dcaea8d605 2008-03-05 22:35:09 +00:00			`#`
			`#`

ENH: Improve xinetd-fail regex and add sample logs 2013-07-21 14:44:09 +00:00			`[INCLUDES]`

			`# Read common prefixes. If any customizations available -- read them from`
			`# common.local`
			`before = common.conf`

- Fixed Debian bug #461426 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@667 a942ae1a-1317-0410-a47c-b1dcaea8d605 2008-03-05 22:35:09 +00:00			`[Definition]`

ENH: Improve xinetd-fail regex and add sample logs 2013-07-21 14:44:09 +00:00			`_daemon = xinetd`

Several filters optimized with pre-filtering using new option `prefregex` 2017-02-21 14:54:59 +00:00			`prefregex = ^%(__prefix_line)sFAIL: <F-CONTENT>.+</F-CONTENT>$`

			`failregex = ^\S+ address from=<HOST>$`
			`^\S+ libwrap from=<HOST>$`
- Fixed Debian bug #461426 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@667 a942ae1a-1317-0410-a47c-b1dcaea8d605 2008-03-05 22:35:09 +00:00
			`ignoreregex =`
DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-30 13:02:59 +00:00
			`# DEV Notes:`
			`#`
			`# libwrap => tcp wrappers: hosts.(allow\|deny)`
			`# address => xinetd: deny_from\|only_from`
			`#`
			`# Author: Guido Bozzetto`