mirror of https://github.com/fail2ban/fail2ban
Created oracleims.conf to catch messages from Sun/Oracle Communications Messaging Server v6.3 and above (including v7)pull/734/head
parent
98daa9d301
commit
9b7c35810a
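--- a/oracleims.conf
+++ b/oracleims.conf
@@ -0,0 +1,59 @@
+# Fail2Ban configuration file
+# for Oracle IMS with XML logging
+#
+# Author: Joel Snyder/jms@opus1.com/2014-June-01
+#
+#
+
+
+[INCLUDES]
+
+# Read common prefixes.
+# If any customizations available -- read them from
+# common.local
+before = common.conf
+
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages
+# in the logfile. The host must be matched by a
+# group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching and is
+# only an alias for
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values: TEXT
+#
+#
+# CONFIGURATION REQUIREMENTS FOR ORACLE IMS v6 and ABOVE:
+#
+# In OPTION.DAT you must have LOG_FORMAT=4 and
+# bit 5 of LOG_CONNECTION must be set.
+#
+# Many of these sub-fields are optional and can be turned on and off
+# by the system manager. We need the "tr" field
+# (transport information (present if bit 5 of LOG_CONNECTION is
+# set and transport information is available)).
+# "di" should be there by default if you have LOG_FORMAT=4.
+# Do not use "mi" as this is not included by default.
+#
+# Typical line IF YOU ARE USING TAGGING ! ! ! is:
+# <co ts="2014-06-02T09:45:50.29" pi="123f.3f8.4397"
+# sc="tcp_local" dr="+" ac="U"
+# tr="TCP|192.245.12.223|25|151.1.71.144|59762" ap="SMTP"
+# mi="Bad password"
+# us="01ko8hqnoif09qx0np@imap.opus1.com"
+# di="535 5.7.8 Bad username or password (Authentication failed)."/>
+#
+# All that would be on one line.
+# Note that you MUST have LOG_FORMAT=4 for this to work!
+#
+
+failregex = ^.*tr=".*\|.*\|\d+\|<HOST>\|\d+" .+ Bad username or password.*"/>$
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =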
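Review bot: The two unbounded `.*` inside the `tr="..."` part of `failregex` are not confined to that attribute, so `<HOST>` can be captured from text that lies after the closing quote of `tr`. In the sample line the client-supplied `us="..."` value sits between `tr` and `di`, so a login name containing `|`-separated fields could make the filter ban an address other than the connecting one. Whether the server escapes `|` or `"` in `us` is not visible here, so the regex should not depend on it. Bounding the first two fields keeps the match inside the attribute: `failregex = ^.*tr="[^"|]*\|[^"|]*\|\d+\|<HOST>\|\d+" .+ Bad username or password.*"/>$`. A comment above the line saying that the address is taken only from the fourth `|`-separated field of `tr` would make that intent explicit.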