# Fail2Ban configuration file
#
# Author: Yaroslav Halchenko
#
# The regex here also relates to a exploit:
#
#  http://www.securityfocus.com/bid/17958/exploit
#  The example code here shows the pushing of the exploit straight after
#  reading the server version. This is where the client version string normally
#  pushed. As such the server will read this unparsible information as
#  "Did not receive identification string".

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

_daemon = sshd

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
failregex = ^%(__prefix_line)sDid not receive identification string from <HOST>\s*$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =