# Fail2Ban filter for vsftpd
#
# Configure vsftpd with "dual_log_enable=YES" and have fail2ban watch
# /var/log/vsftpd.log instead of /var/log/secure. The vsftpd.log file records
# the incoming IP address rather than a domain name, so a ban does not depend
# on resolving a host name back to an address.
|
# Other configuration files fail2ban reads together with this filter.
[INCLUDES]
|
# common.conf is read before this file. __prefix_line and __pam_auth, which the
# expressions below interpolate, are not defined here and presumably come from it.
before = common.conf
|
# Patterns this filter applies to each log line.
[Definition]
|
# PAM tag as it appears in the log: the value of __pam_auth (not defined in this
# file), optionally wrapped in parentheses, optionally followed by a
# parenthesised non-whitespace token, and optionally ending with a colon.
__pam_re=\(?%(__pam_auth)s(?:\(\S+\))?\)?:?
# Daemon name. Nothing in this file refers to _daemon by name; presumably the
# __prefix_line definition in common.conf reads it (confirm there).
_daemon = vsftpd
|
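# Log lines that count as a failed login. <HOST> marks the address fail2ban
# acts on. The value holds two expressions, one per line:
#   1. the PAM "authentication failure" record in syslog format, built from
#      __prefix_line and __pam_re;
#   2. vsftpd's own "FAIL LOGIN" record, as written to vsftpd.log.
# The second expression has to stay indented. An unindented line is not a
# continuation of failregex, so the FAIL LOGIN pattern would never be applied.
# NOTE(review): the bracketed field matched by \[.+\] and the ruser=/user=
# fields look like they carry the login name sent by the client (confirm
# against real log samples). Keep both expressions anchored with ^ and \s*$
# when editing, and consider narrowing the broad .+ and .* parts once the
# log format has been checked.
failregex = ^%(__prefix_line)s%(__pam_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=(ftp)? ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
            ^ \[pid \d+\] \[.+\] FAIL LOGIN: Client "<HOST>"\s*$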
|
# Left empty: no line matched by failregex is excluded.
ignoreregex =
|
# Author: Cyril Jaquier
# Documentation from fail2ban wiki