# Fail2Ban filter for vsftp # # Configure VSFTP for "dual_log_enable=YES", and have fail2ban watch # /var/log/vsftpd.log instead of /var/log/secure. vsftpd.log file shows the # incoming ip address rather than domain names. [INCLUDES] before = common.conf [Definition] __pam_re=\(?pam_unix(?:\(\S+\))?\)?:? _daemon = vsftpd failregex = ^%(__prefix_line)s%(__pam_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=(ftp)? ruser=\S* rhost=(?:\s+user=.*)?\s*$ ^ \[pid \d+\] \[.+\] FAIL LOGIN: Client ""\s*$ ignoreregex = # Author: Cyril Jaquier # Documentation from fail2ban wiki