Rev 33 | Blame | Compare with Previous | Last modification | View Log | RSS feed
# Fail2Ban filter for vsftp## Configure VSFTP for "dual_log_enable=YES", and have fail2ban watch# /var/log/vsftpd.log instead of /var/log/secure. vsftpd.log file shows the# incoming ip address rather than domain names.[INCLUDES]before = common.conf[Definition]__pam_re=\(?%(__pam_auth)s(?:\(\S+\))?\)?:?_daemon = vsftpdfailregex = ^%(__prefix_line)s%(__pam_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=(ftp)? ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$^ \[pid \d+\] \[[^\]]+\] FAIL LOGIN: Client "<HOST>"(?:\s*$|,)ignoreregex =# Author: Cyril Jaquier# Documentation from fail2ban wiki