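# Fail2Ban configuration file
#
# $Revision$
#
# Layout: one "key = value" pair per line, with comments on their own lines
# starting in column 0. A file collapsed onto a single line that begins
# with '#' is read as one comment, so none of its settings take effect.
# A literal '%' in a value must be written '%%' (see timepattern below).

[DEFAULT]
# NOTE(review): with Python's ConfigParser, keys in [DEFAULT] act as
# fallbacks for every other section. A log section that omits "logfile"
# would therefore inherit fail2ban's own log path from here, so keep
# "logfile" set explicitly in each log section.

# firewall: select the firewall system to use. Currently, the
# available options are: iptables, ipfwadm, ipfw
firewall = iptables

# ipfw-start-rule: set the first rule number used by Fail2Ban.
# This option is only used if firewall = ipfw.
ipfw-start-rule = 100

# background: true to start fail2ban as a daemon. Output is
# redirected to logfile.
background = false

# debug: true to enable debug mode. More verbose output, and the
# root user test is bypassed. Keep this false outside of testing.
debug = false

# pidlock: the path of the PID lock file. Fail2Ban must be
# able to write into that file.
#pidlock = /var/run/fail2ban.pid

# logfile: the path of the file where fail2ban logs its own messages.
logfile = /var/log/fail2ban.log

# maxretry: the number of failures allowed before an IP gets banned.
maxretry = 3

# bantime: the number of seconds an IP stays banned.
bantime = 600

# ignoreip: a space-separated list of IPs that fail2ban will
# ignore. Example:
# ignoreip = 192.168.0.1 123.45.235.65
# NOTE(review): empty means no address is exempt, including the
# administrator's own. List only the management hosts that must never
# be locked out; every address listed here is never banned.
ignoreip =

# interface: the name of the interface on which the IP will be banned.
# NOTE(review): presumably traffic arriving on other interfaces is not
# affected by a ban; confirm on multi-homed hosts.
interface = eth0

# polltime: the number of seconds that fail2ban sleeps between
# two iterations (check for IPs to unban, parse log file).
# 1 is a good value.
polltime = 1

# You can define a new section for each log file to check for
# password failures. Each section has to define the following
# options: logfile, timeregex, timepattern, failregex.

[Apache]
# enabled: is this section active?
enabled = true

# logfile: file to monitor.
# NOTE(review): this is a relative path and looks like a test fixture;
# it resolves against the working directory of the process. Use an
# absolute path in a deployment.
logfile = log-test/apache

# timeregex: regular expression which has to match the
# timestamp of an Apache log event.
# [Wed Jan 05 15:08:01 2005]
timeregex = \S{3} \S{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}

# timepattern: gives the meaning of the fields matched by "timeregex".
# Notice that '%' must be escaped with '%'.
# See syntax here: http://rgruet.free.fr/PQR2.3.html#timeModule
timepattern = %%a %%b %%d %%H:%%M:%%S %%Y

# failregex: regular expression which has to match the message
# written in the log file in case of a password failure.
# NOTE(review): both alternatives are unanchored, and "user .* not found"
# spans text that a client can influence (the requested user name). How
# the offending address is taken from a matching line is not shown in
# this file; confirm that client-supplied text in a log line cannot
# cause a different address to be banned, and tighten the pattern if
# it can.
failregex = authentication failure|user .* not found

[SSH]
# enabled: is this section active?
enabled = true

# logfile: file to monitor.
# NOTE(review): relative test-fixture path, as in [Apache]; use an
# absolute path in a deployment.
logfile = log-test/current

# timeregex: regular expression which has to match the
# timestamp of an SSH log event.
# Mar 7 17:53:28
timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}

# timepattern: gives the meaning of the fields matched by "timeregex".
# Notice that '%' must be escaped with '%'.
# See syntax here: http://rgruet.free.fr/PQR2.3.html#timeModule
# NOTE(review): this timestamp format carries no year; how the year is
# resolved is not shown here. Check behaviour around year rollover.
timepattern = %%b %%d %%H:%%M:%%S

# failregex: regular expression which has to match the message
# written in the log file in case of a password failure.
# NOTE(review): unanchored, so it matches anywhere in a log line,
# including inside fields a client may control. Confirm against the
# real sshd log format, as for [Apache].
failregex = Authentication failure|Failed password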