fail2ban/config/filter.d/vsftpd.conf

23 lines
627 B
Plaintext
Raw Normal View History

# Fail2Ban filter for vsftp
#
2014-01-05 00:30:56 +00:00
# Configure VSFTP for "dual_log_enable=YES", and have fail2ban watch
# /var/log/vsftpd.log instead of /var/log/secure. vsftpd.log file shows the
# incoming ip address rather than domain names.
[INCLUDES]
before = common.conf
[Definition]
__pam_re=\(?%(__pam_auth)s(?:\(\S+\))?\)?:?
_daemon = vsftpd
failregex = ^%(__prefix_line)s%(__pam_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=(ftp)? ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
^ \[pid \d+\] \[.+\] FAIL LOGIN: Client "<HOST>"\s*$
ignoreregex =
# Author: Cyril Jaquier
2014-01-05 00:30:56 +00:00
# Documentation from fail2ban wiki