Subversion Repositories configs

Rev

Details | Last modification | View Log | RSS feed

Rev Author Line No. Line
192 - 1
# Fail2Ban configuration file
2
# for Oracle IMS with XML logging
3
#
4
# Author: Joel Snyder/jms@opus1.com/2014-June-01
5
#
6
#
7
 
8
 
9
[INCLUDES]
10
 
11
# Read common prefixes.
12
# If any customizations available -- read them from
13
# common.local
14
before = common.conf
15
 
16
 
17
[Definition]
18
 
19
# Option:  failregex
20
# Notes.:  regex to match the password failures messages
21
# in the logfile. The host must be matched by a
22
# group named "host". The tag "<HOST>" can
23
# be used for standard IP/hostname matching and is
24
# only an alias for
25
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
26
# Values:  TEXT
27
#
28
#
29
# CONFIGURATION REQUIREMENTS FOR ORACLE IMS v6 and ABOVE:
30
#
31
# In OPTION.DAT you must have LOG_FORMAT=4 and
32
#  bit 5 of LOG_CONNECTION must be set.
33
#
34
# Many of these sub-fields are optional and can be turned on and off
35
# by the system manager.  We need the "tr" field
36
#  (transport information (present if bit 5 of LOG_CONNECTION is
37
# set and transport information is available)).
38
# "di" should be there by default if you have LOG_FORMAT=4.
39
# Do not use "mi" as this is not included by default.
40
#
41
# Typical line IF YOU ARE USING TAGGING ! ! ! is:
42
# <co ts="2014-06-02T09:45:50.29" pi="123f.3f8.4397"
43
# sc="tcp_local" dr="+" ac="U"
44
# tr="TCP|192.245.12.223|25|151.1.71.144|59762" ap="SMTP"
45
# mi="Bad password"
46
# us="01ko8hqnoif09qx0np@imap.opus1.com"
47
# di="535 5.7.8 Bad username or password (Authentication failed)."/>
48
# Format is generally documented in the PORT_ACCESS mapping
49
# at http://docs.oracle.com/cd/E19563-01/819-4428/bgaur/index.html
50
#
51
# All that would be on one line.
52
# Note that you MUST have LOG_FORMAT=4 for this to work!
53
#
54
 
55
failregex = tr="[A-Z]+\|[0-9.]+\|\d+\|<HOST>\|\d+" ap="[^"]*" mi="Bad password" us="[^"]*" di="535 5.7.8 Bad username or password( \(Authentication failed\))?\."/>$
56
 
57
# Option:  ignoreregex
58
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
59
# Values:  TEXT
60
#
61
ignoreregex =
62
 
63
datepattern = ^<co ts="{DATE}"\s+