mirror of https://github.com/fail2ban/fail2ban
parent
ae5fe2e003
commit
05c162ef10
@ -0,0 +1,16 @@
|
||||
# Fail2Ban filter for dante
|
||||
#
|
||||
# Make sure you have "log: error" set in your "client pass" directive
|
||||
#
|
||||
|
||||
[INCLUDES]
|
||||
before = common.conf
|
||||
|
||||
[Definition]
|
||||
_daemon = danted
|
||||
|
||||
failregex = ^%(__prefix_line)sinfo: block\(1\): tcp/accept \]: <HOST>\.\d+ [\d.]+: error after reading \d+ bytes in \d+ seconds: (could not access user "\w+"'s records in the system password file: no system error|system password authentication failed for user "\w+")$
|
||||
|
||||
[Init]
|
||||
journalmatch = _SYSTEMD_UNIT=danted.service
|
||||
|
@ -0,0 +1,4 @@
|
||||
# failJSON: { "time": "2005-04-14T15:35:03", "match": true , "host": "1.2.3.4" }
|
||||
Apr 14 15:35:03 vps111111 danted[17969]: info: block(1): tcp/accept ]: 1.2.3.4.50550 0.0.0.0.1080: error after reading 35 bytes in 0 seconds: could not access user "roooooooot"'s records in the system password file: no system error
|
||||
# failJSON: { "time": "2005-04-14T15:44:26", "match": true , "host": "1.2.3.4" }
|
||||
Apr 14 15:44:26 vps111111 danted[1846]: info: block(1): tcp/accept ]: 1.2.3.4.57178 0.0.0.0.1080: error after reading 18 bytes in 0 seconds: system password authentication failed for user "aland"
|
Loading…
Reference in new issue