| 4 |
- |
1 |
# Fail2Ban filter for pureftp
|
|
|
2 |
#
|
| 5 |
- |
3 |
# Disable hostname based logging by:
|
| 4 |
- |
4 |
#
|
| 5 |
- |
5 |
# Start pure-ftpd with the -H switch or on Ubuntu 'echo yes > /etc/pure-ftpd/conf/DontResolve'
|
| 4 |
- |
6 |
#
|
| 5 |
- |
7 |
#
|
|
|
8 |
|
| 4 |
- |
9 |
[INCLUDES]
|
|
|
10 |
|
|
|
11 |
before = common.conf
|
|
|
12 |
|
|
|
13 |
[Definition]
|
|
|
14 |
|
| 5 |
- |
15 |
_daemon = pure-ftpd
|
|
|
16 |
|
| 4 |
- |
17 |
# Error message specified in multiple languages
|
| 34 |
- |
18 |
__errmsg = (?:Godkendelse mislykkedes for \[.*\]|Authentifizierung fehlgeschlagen für Benutzer \[.*\].|Authentication failed for user \[.*\]|Autentificación fallida para el usuario \[.*\]|\[.*\] c'est un batard, il connait pas son code|Erreur d'authentification pour l'utilisateur \[.*\]|Azonosítás sikertelen \[.*\] felhasználónak|Autenticazione falita per l'utente \[.*\]|Autorisatie faalde voor gebruiker \[.*\]|Godkjennelse mislyktes for \[.*\]|\[.*\] kullanýcýsý için giriþ hatalý|Autenticação falhou para usuário \[.*\]|Autentificare esuata pentru utilizatorul \[.*\]|Autentifikace uživatele selhala \[.*\]|Autentyfikacja nie powiodła się dla użytkownika \[.*\]|Autentifikacia uzivatela zlyhala \[.*\]|Behörighetskontroll misslyckas för användare \[.*\]|Авторизация не удалась пользователю \[.*\]|\[.*\] 嶸盪 檣隸 褒ぬ|妏蚚氪\[.*\]桄痐囮啖|使用者\[.*\]驗證失敗)
|
| 4 |
- |
19 |
|
| 5 |
- |
20 |
failregex = ^%(__prefix_line)s\(.+?@<HOST>\) \[WARNING\] %(__errmsg)s\s*$
|
| 4 |
- |
21 |
|
|
|
22 |
ignoreregex =
|
|
|
23 |
|
| 87 |
- |
24 |
[Init]
|
|
|
25 |
|
|
|
26 |
journalmatch = _SYSTEMD_UNIT=pure-ftpd.service + _COMM=pure-ftpd
|
|
|
27 |
|
| 4 |
- |
28 |
# Author: Cyril Jaquier
|
|
|
29 |
# Modified: Yaroslav Halchenko for pure-ftpd
|
| 5 |
- |
30 |
# Documentation thanks to Blake on http://www.fail2ban.org/wiki/index.php?title=Fail2ban:Community_Portal
|
| 34 |
- |
31 |
# UTF-8 editing and mechanism thanks to Johannes Weberhofer
|
| 5 |
- |
32 |
#
|
|
|
33 |
# Only logs to syslog though facility can be changed configuration file/command line
|
|
|
34 |
#
|
| 34 |
- |
35 |
# To get messages in the right encoding:
|
|
|
36 |
# grep MSG_AUTH_FAILED_LOG pure-ftpd-1.0.36/src/messages_[defhint]* | grep -Po '".?"' | recode latin1..utf-8 | tr -d '"' > messages
|
|
|
37 |
# grep MSG_AUTH_FAILED_LOG pure-ftpd-1.0.36/src/messages_[pr][to] | grep -Po '".?"' | recode latin1..utf-8 | tr -d '"' >> messages
|
|
|
38 |
# grep MSG_AUTH_FAILED_LOG pure-ftpd-1.0.36/src/messages_[cps][slkv] | grep -Po '".?"' | recode latin2..utf-8 | tr -d '"' >> messages
|
|
|
39 |
# grep MSG_AUTH_FAILED_LOG pure-ftpd-1.0.36/src/messages_ru | grep -Po '".?"' | recode KOI8-R..utf-8 | tr -d '"' >> messages
|
|
|
40 |
# grep MSG_AUTH_FAILED_LOG pure-ftpd-1.0.36/src/messages_[kz] | grep -Po '".*?"' | tr -d '"' | recode big5..utf-8 >> messages
|