Rev 34 |
Details |
Compare with Previous |
Last modification |
View Log
| RSS feed
| Rev |
Author |
Line No. |
Line |
| 34 |
- |
1 |
# Fail2Ban filter for monit.conf, looks for failed access attempts
|
|
|
2 |
#
|
|
|
3 |
#
|
|
|
4 |
|
| 87 |
- |
5 |
[INCLUDES]
|
|
|
6 |
|
|
|
7 |
# Read common prefixes. If any customizations available -- read them from
|
|
|
8 |
# common.local
|
|
|
9 |
before = common.conf
|
|
|
10 |
|
| 34 |
- |
11 |
[Definition]
|
|
|
12 |
|
| 87 |
- |
13 |
_daemon = monit
|
| 34 |
- |
14 |
|
| 87 |
- |
15 |
# Regexp for previous (accessing monit httpd) and new (access denied) versions
|
|
|
16 |
failregex = ^\[[A-Z]+\s+\]\s*error\s*:\s*Warning:\s+Client '<HOST>' supplied (?:unknown user '[^']+'|wrong password for user '[^']*') accessing monit httpd$
|
|
|
17 |
^%(__prefix_line)s\w+: access denied -- client <HOST>: (?:unknown user '[^']+'|wrong password for user '[^']*'|empty password)$
|
|
|
18 |
|
|
|
19 |
# Ignore login with empty user (first connect, no user specified)
|
|
|
20 |
# ignoreregex = %(__prefix_line)s\w+: access denied -- client <HOST>: (?:unknown user '')
|
| 34 |
- |
21 |
ignoreregex =
|