# Fail2Ban filter for repeat bans
#
# This filter monitors the fail2ban log file, and enables you to add long
# time bans for IP addresses that get banned by fail2ban multiple times.
#
# Reasons to use this: block very persistent attackers for a longer time,
# stop receiving email notifications about the same attacker over and
# over again.
#
# This jail is only useful if you set the 'findtime' and 'bantime' parameters
# in jail.conf to a higher value than the other jails. Also, this jail has its
# drawbacks, namely that it works only with iptables, or if you use a
# different blocking mechanism for this jail versus others (e.g. hostsdeny
# for most jails, and shorewall for this one).
# Pulls shared definitions in from another filter file (see 'before' below).
[INCLUDES]
# Read common prefixes. If any customizations are available, read them from
# common.local
# failregex in this file interpolates __prefix_line and __pid_re, neither of
# which is defined here; presumably both come from this include -- verify
# against common.conf.
before = common.conf
# Match rules: two helper patterns (_daemon, _jailname), the failregex that
# recognises a ban line, and ignoreregex.
[Definition]
# Regex fragment for the logger name "fail2ban.actions" (dot escaped, optional
# trailing whitespace). Interpolated into failregex as the second prefix form.
_daemon = fail2ban\.actions\s*
# The name of the jail that this filter is used for. In jail.conf, name the
# jail using this filter 'recidive', or change this line!
# failregex skips Ban lines whose bracketed jail name is exactly this value,
# so this jail's own bans are not matched again as new offences. If the jail
# is named differently in jail.conf and this value is left unchanged, that
# exclusion no longer applies.
_jailname = recidive
# Matches a fail2ban log line of the form "NOTICE [<jail>] Ban <HOST>":
#   - the line starts with either __prefix_line, or a single space followed by
#     _daemon, an optional __pid_re and ":"
#   - the negative lookahead rejects the line only when the bracketed name is
#     exactly _jailname followed by "]"; a name that merely begins with or
#     contains _jailname is still matched
#   - any other text is accepted inside the brackets
#   - \s*$ anchors <HOST> at the end of the line, so nothing but whitespace
#     may follow the banned address
# Only "Ban" lines are matched; other log actions are not counted.
failregex = ^(%(__prefix_line)s| %(_daemon)s%(__pid_re)s?:\s+)NOTICE\s+\[(?!%(_jailname)s\])(?:.*)\]\s+Ban\s+<HOST>\s*$
# Left empty: no line matched by failregex is exempted.
ignoreregex =
# Holds the systemd journal match used by this filter.
[Init]
# Journal field match: entries from the fail2ban.service unit at syslog
# priority 5 (notice), the same level that failregex requires (NOTICE).
# Presumably consulted only when the jail reads from the systemd journal
# rather than a log file -- verify against the jail's backend setting.
journalmatch = _SYSTEMD_UNIT=fail2ban.service PRIORITY=5
# Author: Tom Hendrikx, modifications by Amir Caspi