made failregex universal for both PAM and native vsftpd logging

pull/3/head
Yaroslav Halchenko 2006-12-22 04:54:14 +00:00
parent 2e992c2353
commit ae96eaa40c
3 changed files with 7 additions and 3 deletions

2
debian/changelog vendored

@ -1,4 +1,4 @@
fail2ban (0.7.5-3~pre1) unstable; urgency=low
fail2ban (0.7.5-3~pre2) unstable; urgency=low
* Fail2ban now bans vsftpd logins (corrected logfile path and failregex)
(Closes: #404060)

4
debian/jail.conf vendored

@ -98,6 +98,10 @@ enabled = false
port = ftp
filter = vsftpd
logpath = /var/log/vsftpd.log
# or overwrite it in jails.local to be
# logpath = /var/log/auth.log
# if you want to rely on PAM failed login attempts
# vsftpd's failregex should match both of those formats
maxretry = 6
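Review bot: The added comment names the override file as `jails.local`, but as far as I know fail2ban loads jail overrides from `jail.local`. An admin who follows the comment literally would create a file that is never read, so the jail would keep watching /var/log/vsftpd.log and PAM-logged failures in auth.log would never be counted. Suggest `# or override it in jail.local to be`. The jail's section header sits above the hunk, so I cannot confirm from here which jail name the override has to use.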


@ -7,13 +7,13 @@
@DPATCH@
diff -urNad fail2ban-0.7.5~/config/filter.d/vsftpd.conf fail2ban-0.7.5/config/filter.d/vsftpd.conf
--- fail2ban-0.7.5~/config/filter.d/vsftpd.conf 2006-11-19 16:34:49.000000000 -0500
+++ fail2ban-0.7.5/config/filter.d/vsftpd.conf 2006-12-21 11:46:30.000000000 -0500
+++ fail2ban-0.7.5/config/filter.d/vsftpd.conf 2006-12-21 23:50:14.000000000 -0500
@@ -13,7 +13,7 @@
# be used for standard IP/hostname matching.
# Values: TEXT
#
-failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>
+failregex = \[.+\] FAIL LOGIN: Client "(?P<host>\S+)"$
+failregex = (?:vsftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>|\[.+\] FAIL LOGIN: Client "<HOST>")$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
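Review bot: The trailing `$` in the new `failregex` sits outside the group, so it now also anchors the pam_unix alternative, which the removed line left open-ended. pam_unix normally appends a ` user=<name>` field after `rhost=` when the account exists, and `<HOST>` presumably cannot span the space (the `(?P<host>\S+)` it replaces suggests a non-space pattern), so failed logins against real accounts would likely stop matching and never count toward maxretry. Consider allowing the optional tail: `failregex = (?:vsftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>(?:\s+user=.*)?|\[.+\] FAIL LOGIN: Client "<HOST>")\s*$`. Neither alternative is anchored at the start of the line, and the text matched by `.*` before `rhost=` includes the client-supplied `ruser=` value, so a start anchor on the log prefix is worth adding once the format is checked against real auth.log and vsftpd.log samples.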