mirror of https://github.com/fail2ban/fail2ban
26 lines
787 B
Plaintext
26 lines
787 B
Plaintext
# Fail2Ban filter for monit.conf, looks for failed access attempts
|
|
#
|
|
#
|
|
|
|
[INCLUDES]
|
|
|
|
# Read common prefixes. If any customizations available -- read them from
|
|
# common.local
|
|
before = common.conf
|
|
|
|
# [DEFAULT]
|
|
# logtype = short
|
|
|
|
[Definition]
|
|
|
|
_daemon = monit
|
|
|
|
_prefix = Warning|HttpRequest
|
|
|
|
# Regexp for previous (accessing monit httpd) and new (access denied) versions
|
|
failregex = ^%(__prefix_line)s(?:error\s*:\s+)?(?:%(_prefix)s):\s+(?:access denied\s+--\s+)?[Cc]lient '?<HOST>'?(?:\s+supplied|\s*:)\s+(?:unknown user '<F-ALT_USER>[^']+</F-ALT_USER>'|wrong password for user '<F-USER>[^']*</F-USER>'|empty password)
|
|
|
|
# Ignore login with empty user (first connect, no user specified)
|
|
# ignoreregex = %(__prefix_line)s\w+: access denied -- client <HOST>: (?:unknown user '')
|
|
ignoreregex =
|