fail2ban/config/filter.d/pam-generic.conf

32 lines
870 B
Plaintext

# Fail2Ban configuration file for generic PAM authentication errors
#
# Author: Yaroslav Halchenko
#
# $Revision: $
#
[Definition]
# if you want to catch only login erros from specific daemons, use smth like
#_ttys_re=(?:ssh|pure-ftpd|ftp)
# To catch all failed logins
_ttys_re=\S*
#
# Shortcuts for easier comprehension of the failregex
__pid_re=(?:\[\d+\])
__pam_re=\(?pam_unix(?:\(\S+\))?\)?:?
__pam_combs_re=(?:%(__pid_re)s?:\s+%(__pam_re)s|%(__pam_re)s%(__pid_re)s?:)
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT
#
failregex = \s\S+ \S+%(__pam_combs_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=%(_ttys_re)s ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =