github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

ENH: Improve xinetd-fail regex and add sample logs

pull/303/merge^2
Steven Hiscocks 2013-07-21 15:44:09 +01:00
parent b5ffbced37
commit 4033857f63
2 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
config/filter.d/xinetd-fail.conf
View File

@ -4,8 +4,17 @@
# #
# #
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition] [Definition]
_daemon = xinetd
# Option: failregex # Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The # Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can # host must be matched by a group named "host". The tag "<HOST>" can
@ -19,8 +28,8 @@
# load => xinetd: max_load (temporary problem) # load => xinetd: max_load (temporary problem)
# #
failregex = xinetd(?:\[\d{1,5}\])?: FAIL: \S+ address from=<HOST>$ failregex = ^%(__prefix_line)sFAIL: \S+ address from=<HOST>$
xinetd(?:\[\d{1,5}\])?: FAIL: \S+ libwrap from=<HOST>$ ^%(__prefix_line)sFAIL: \S+ libwrap from=<HOST>$
# Option: ignoreregex # Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored. # Notes.: regex to ignore. If this regex matches, the line is ignored.

4
testcases/files/logs/xinetd-fail Normal file
View File

@ -0,0 +1,4 @@
# failJSON: { "time": "2005-05-15T17:38:49", "match": true , "host": "198.51.100.169" }
May 15 17:38:49 boo xinetd[16256]: FAIL: telnet address from=198.51.100.169
# failJSON: { "time": "2005-08-03T14:38:49", "match": true , "host": "198.51.100.223" }
Aug 3 14:38:49 backup xinetd[31234]: FAIL: amanda libwrap from=198.51.100.223