mirror of https://github.com/fail2ban/fail2ban
ENH: Improve wuftpd failregex, drop duplicate pam regex and add sample
For wu-ftpd configured to use pam, the pam filter used be used, as regex is more robust.pull/303/merge^2
parent
57a6c11260
commit
ab671b0b1a
|
@ -4,14 +4,21 @@
|
|||
#
|
||||
#
|
||||
|
||||
[INCLUDES]
|
||||
|
||||
# Read common prefixes. If any customizations available -- read them from
|
||||
# common.local
|
||||
before = common.conf
|
||||
|
||||
[Definition]
|
||||
|
||||
_daemon = wu-ftpd
|
||||
|
||||
# Option: failregex
|
||||
# Notes.: regex to match the password failures messages in the logfile.
|
||||
# Values: TEXT
|
||||
#
|
||||
failregex = wu-ftpd(?:\[\d+\])?:\s+\(pam_unix\)\s+authentication failure.* rhost=<HOST>$
|
||||
wu-ftpd(?:\[\d+\])?: *failed login from .*\[<HOST>\] *$
|
||||
failregex = ^%(__prefix_line)sfailed login from \S+ \[<HOST>\]$
|
||||
|
||||
# Option: ignoreregex
|
||||
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
# This login line is from syslog
|
||||
# failJSON: { "time": "2004-10-06T09:59:26", "match": true , "host": "202.108.145.173" }
|
||||
Oct 6 09:59:26 myserver wu-ftpd[18760]: failed login from hj-145-173-a8.bta.net.cn [202.108.145.173]
|
||||
# failJSON: { "time": "2004-10-11T16:45:07", "match": true , "host": "198.51.100.71" }
|
||||
Oct 11 16:45:07 ubuntu wu-ftpd[2360]: failed login from example.com [198.51.100.71]
|
||||
|
|
Loading…
Reference in New Issue