# Fail2Ban configuration file for named (bind9). Trying to generalize the # structure which is general to capture general patterns in log # lines to cover different configurations/distributions # # Author: Yaroslav Halchenko # # $Revision: 699 $ # [Definition] # # Daemon name _daemon=named # # Shortcuts for easier comprehension of the failregex __pid_re=(?:\[\d+\]) __daemon_re=\(?%(_daemon)s(?:\(\S+\))?\)?:? __daemon_combs_re=(?:%(__pid_re)s?:\s+%(__daemon_re)s|%(__daemon_re)s%(__pid_re)s?:) # hostname daemon_id spaces # this can be optional (for instance if we match named native log files) __line_prefix=(?:\s\S+ %(__daemon_combs_re)s\s+)? # Option: failregex # Notes.: regex to match the password failures messages in the logfile. # Values: TEXT # failregex = %(__line_prefix)sclient #\S+: query(?: \(cache\))? '.*' denied\s*$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. # Values: TEXT # ignoreregex =