# Fail2Ban filter for vsftp
#
# Configure VSFTP for "dual_log_enable=YES", and have fail2ban watch
# /var/log/vsftpd.log instead of /var/log/secure. vsftpd.log file shows the
# incoming ip address rather than domain names.

[INCLUDES]

before = common.conf

[Definition]

__pam_re=\(?pam_unix(?:\(\S+\))?\)?:?
_daemon = vsftpd

failregex = ^%(__prefix_line)s%(__pam_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=(ftp)? ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
            ^ \[pid \d+\] \[.+\] FAIL LOGIN: Client "<HOST>"\s*$

ignoreregex =

# Author: Cyril Jaquier
# Documentation from fail2ban wiki
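
The following is an added example, not part of the filter file or of fail2ban itself: a small offline check of the second failregex in the filter above against constructed /var/log/vsftpd.log lines. The names `HOST_RE`, `DATE_RE`, `failed_host` and `scan` are hypothetical, and the `<HOST>` expansion and timestamp stripping are simplified stand-ins for what fail2ban does internally.

```python
import re

# Second failregex from the filter above, copied verbatim.
FAILREGEX = r'^ \[pid \d+\] \[.+\] FAIL LOGIN: Client "<HOST>"\s*$'

# Assumption: simplified stand-ins for fail2ban internals. The real <HOST>
# expansion also accepts IPv6 and hostnames, and the real date detector
# supports many timestamp formats.
HOST_RE = r'(?P<host>(?:\d{1,3}\.){3}\d{1,3})'
DATE_RE = re.compile(r'^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}')

COMPILED = re.compile(FAILREGEX.replace('<HOST>', HOST_RE))


def failed_host(raw_line):
    """Return the client address if the line is a failed login, else None."""
    # fail2ban cuts the matched timestamp out of the line before applying
    # failregex, which is why the pattern begins with a space and "[pid".
    line = DATE_RE.sub('', raw_line.rstrip('\n'), count=1)
    m = COMPILED.match(line)
    return m.group('host') if m else None


# Constructed sample lines in vsftpd.log format (documentation addresses).
SAMPLE_LOG = [
    'Tue Mar  4 10:15:01 2025 [pid 4123] CONNECT: Client "192.0.2.10"',
    'Tue Mar  4 10:15:03 2025 [pid 4122] [alice] FAIL LOGIN: Client "192.0.2.10"',
    'Tue Mar  4 10:15:09 2025 [pid 4130] [bob] OK LOGIN: Client "198.51.100.7"',
    # User field containing brackets: the end anchor keeps the capture on
    # the final quoted address written by vsftpd.
    'Tue Mar  4 10:15:12 2025 [pid 4131] [x] y [z] FAIL LOGIN: Client "203.0.113.5"',
    # Trailing text after the closing quote must not match.
    'Tue Mar  4 10:15:20 2025 [pid 4140] [carol] FAIL LOGIN: Client "192.0.2.99" extra',
]


def scan(lines):
    """Map each offending address to its number of failed logins."""
    counts = {}
    for raw in lines:
        host = failed_host(raw)
        if host:
            counts[host] = counts.get(host, 0) + 1
    return counts


if __name__ == '__main__':
    for host, n in scan(SAMPLE_LOG).items():
        print(host, n)
```

On a host with fail2ban installed, `fail2ban-regex /var/log/vsftpd.log /etc/fail2ban/filter.d/vsftpd.conf` runs the real filter, including the PAM pattern, against the live log.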