Rev 34 | Blame | Compare with Previous | Last modification | View Log | RSS feed
# Fail2Ban filter for monit.conf, looks for failed access attempts##[INCLUDES]# Read common prefixes. If any customizations available -- read them from# common.localbefore = common.conf[Definition]_daemon = monit# Regexp for previous (accessing monit httpd) and new (access denied) versionsfailregex = ^\[[A-Z]+\s+\]\s*error\s*:\s*Warning:\s+Client '<HOST>' supplied (?:unknown user '[^']+'|wrong password for user '[^']*') accessing monit httpd$^%(__prefix_line)s\w+: access denied -- client <HOST>: (?:unknown user '[^']+'|wrong password for user '[^']*'|empty password)$# Ignore login with empty user (first connect, no user specified)# ignoreregex = %(__prefix_line)s\w+: access denied -- client <HOST>: (?:unknown user '')ignoreregex =