mirror of https://github.com/fail2ban/fail2ban
#! /bin/sh /usr/share/dpatch/dpatch-run
## 00_pam_generic.dpatch by Yaroslav Halchenko <debian@onerussian.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Generic filter, with examples, for any login errors reported by pam_unix.so
@DPATCH@
diff -urNad trunk~/config/filter.d/pam-generic.conf trunk/config/filter.d/pam-generic.conf
--- trunk~/config/filter.d/pam-generic.conf 1969-12-31 19:00:00.000000000 -0500
+++ trunk/config/filter.d/pam-generic.conf 2007-06-25 12:41:38.000000000 -0400
@@ -0,0 +1,26 @@
+# Fail2Ban configuration file for wuftpd
+#
+# Author: Yaroslav Halchenko
+#
+# $Revision: $
+#
+
+[Definition]
+
+# if you want to catch only login erros from specific daemons, use smth like
+#_ttys_re=(?:ssh|pure-ftpd)
+# To catch all failed logins
+_ttys_re=\S*
+
+#
+# Shortcuts for easier comprehension of the failregex
+__pid_re=(?:\[\d+\])
+__pam_re=\(pam_unix\)
+__pam_combs_re=(?:%(__pid_re)s?:\s+%(__pam_re)s|%(__pam_re)s%(__pid_re)s?:)
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile.
+# Values: TEXT
+#
+failregex = \s\S+ \S+%(__pam_combs_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=%(_ttys_re)s ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
+
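Review bot: The `failregex` line is anchored only at its end (`\s*$`), so the leading `\s\S+ \S+` can start matching anywhere in a log line rather than at the host/daemon prefix that syslog writes. If another service logging to the same file echoes client-supplied text at the end of a line, text shaped like a pam_unix failure would be counted against whatever address follows `rhost=`, so an unrelated address could end up banned. Anchoring the expression to the start of the line (a `^` followed by the timestamp/host prefix, in whatever form the matcher presents it, which is not visible from this hunk) would close that gap. Separately, `rhost=` may carry a reverse-DNS name, as the accompanying examples show, so the banned address depends on resolving a name chosen by whoever controls the PTR record; a comment above `failregex` should say so. The header comment `# Fail2Ban configuration file for wuftpd` looks copied from another filter and should read `# Fail2Ban configuration file for generic PAM authentication failures`.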
diff -urNad trunk~/config/filter.d/pam-generic.examples trunk/config/filter.d/pam-generic.examples
--- trunk~/config/filter.d/pam-generic.examples 1969-12-31 19:00:00.000000000 -0500
+++ trunk/config/filter.d/pam-generic.examples 2007-06-25 12:41:38.000000000 -0400
@@ -0,0 +1,5 @@
+Feb 7 15:10:42 example pure-ftpd: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=pure-ftpd ruser=sample-user rhost=192.168.1.1
+May 12 09:47:54 vaio sshd[16004]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=71-13-115-12.static.mdsn.wi.charter.com user=root
+May 12 09:48:03 vaio sshd[16021]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=71-13-115-12.static.mdsn.wi.charter.com
+May 15 18:02:12 localhost proftpd: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=66.232.129.62 user=mark
+Nov 25 17:12:13 webmail pop(pam_unix)[4920]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=192.168.10.3 user=mailuser
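Review bot: The second, third and fourth sample lines carry what look like real public hostnames and addresses in `rhost=`, which then live in the repository as fixture data. Replacing them with reserved documentation values (constructed examples: `rhost=192.0.2.10` and `rhost=host.example.com`) keeps the same coverage of the IP and hostname forms without recording third-party identifiers. A line that must not match, such as a pam_unix `session opened` message, would also help catch an over-broad `failregex`.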