Blame | Last modification | View Log | RSS feed
# Fail2Ban configuration file# for Oracle IMS with XML logging## Author: Joel Snyder/jms@opus1.com/2014-June-01##[INCLUDES]# Read common prefixes.# If any customizations available -- read them from# common.localbefore = common.conf[Definition]# Option: failregex# Notes.: regex to match the password failures messages# in the logfile. The host must be matched by a# group named "host". The tag "<HOST>" can# be used for standard IP/hostname matching and is# only an alias for# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)# Values: TEXT### CONFIGURATION REQUIREMENTS FOR ORACLE IMS v6 and ABOVE:## In OPTION.DAT you must have LOG_FORMAT=4 and# bit 5 of LOG_CONNECTION must be set.## Many of these sub-fields are optional and can be turned on and off# by the system manager. We need the "tr" field# (transport information (present if bit 5 of LOG_CONNECTION is# set and transport information is available)).# "di" should be there by default if you have LOG_FORMAT=4.# Do not use "mi" as this is not included by default.## Typical line IF YOU ARE USING TAGGING ! ! ! is:# <co ts="2014-06-02T09:45:50.29" pi="123f.3f8.4397"# sc="tcp_local" dr="+" ac="U"# tr="TCP|192.245.12.223|25|151.1.71.144|59762" ap="SMTP"# mi="Bad password"# us="01ko8hqnoif09qx0np@imap.opus1.com"# di="535 5.7.8 Bad username or password (Authentication failed)."/># Format is generally documented in the PORT_ACCESS mapping# at http://docs.oracle.com/cd/E19563-01/819-4428/bgaur/index.html## All that would be on one line.# Note that you MUST have LOG_FORMAT=4 for this to work!#failregex = ^.*tr="[A-Z]+\|[0-9.]+\|\d+\|<HOST>\|\d+" ap="[^"]*" mi="Bad password" us="[^"]*" di="535 5.7.8 Bad username or password( \(Authentication failed\))?\."/>$# Option: ignoreregex# Notes.: regex to ignore. If this regex matches, the line is ignored.# Values: TEXT#ignoreregex =