# Fail2Ban configuration file for generic PAM authentication errors # # Author: Yaroslav Halchenko # # $Revision: $ # [Definition] # if you want to catch only login erros from specific daemons, use smth like #_ttys_re=(?:ssh|pure-ftpd|ftp) # To catch all failed logins _ttys_re=\S* # # Shortcuts for easier comprehension of the failregex __pid_re=(?:\[\d+\]) __pam_re=\(?pam_unix(?:\(\S+\))?\)?:? __pam_combs_re=(?:%(__pid_re)s?:\s+%(__pam_re)s|%(__pam_re)s%(__pid_re)s?:) # Option: failregex # Notes.: regex to match the password failures messages in the logfile. # Values: TEXT # failregex = \s\S+ \S+%(__pam_combs_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=%(_ttys_re)s ruser=\S* rhost=(?:\s+user=.*)?\s*$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. # Values: TEXT # ignoreregex =