fail2ban/config/filter.d/slapd.conf

# slapd (Stand-alone LDAP Daemon) openldap daemon filter
#
# Detecting invalid credentials: error code 49
# http://www.openldap.org/doc/admin24/appendix-ldap-result-codes.html#invalidCredentials (49)

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

_daemon = slapd

failregex = ^(?P<__prefix>%(__prefix_line)s).* conn=(?P<pid>\d+) fd=\d+ ACCEPT from IP=<HOST>\:\d+ .+$<SKIPLINES>(?P=__prefix).+ conn=(?P=pid) .* RESULT .* err=49 .*$

ignoreregex =

[Init]

# "maxlines" is number of log lines to buffer for multi-line regex searches
maxlines = 20

# Author: Andrii Melnyk
adding openldap slapd filter 2016-07-08 01:50:57 +00:00			`# slapd (Stand-alone LDAP Daemon) openldap daemon filter`
			`#`
			`# Detecting invalid credentials: error code 49`
			`# http://www.openldap.org/doc/admin24/appendix-ldap-result-codes.html#invalidCredentials (49)`

* add `__prefix_line` to regex * fix time in log file 2016-07-08 02:29:51 +00:00			`[INCLUDES]`

			`# Read common prefixes. If any customizations available -- read them from`
			`# common.local`
			`before = common.conf`

adding openldap slapd filter 2016-07-08 01:50:57 +00:00			`[Definition]`

* add `__prefix_line` to regex * fix time in log file 2016-07-08 02:29:51 +00:00			`_daemon = slapd`

			`failregex = ^(?P<__prefix>%(__prefix_line)s).* conn=(?P<pid>\d+) fd=\d+ ACCEPT from IP=<HOST>\:\d+ .+$<SKIPLINES>(?P=__prefix).+ conn=(?P=pid) .* RESULT .* err=49 .*$`
adding openldap slapd filter 2016-07-08 01:50:57 +00:00
			`ignoreregex =`

			`[Init]`

			`# "maxlines" is number of log lines to buffer for multi-line regex searches`
			`maxlines = 20`

			`# Author: Andrii Melnyk`