security/py-fail2ban/files/patch-bsdftp.conf


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

--- /dev/null   2010-01-12 16:33:00.000000000 -0500
+++ ./config/filter.d/bsdftp.conf   2010-01-12 16:26:27.000000000 -0500
@@ -0,0 +1,40 @@
+# Fail2Ban configuration file
+#
+# Author: Ken Menzel
+#
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+
+[Definition]
+
+_daemon = ftpd
+#
+#
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>\S+)
+# Values: TEXT
+#
+failregex = ^%(__prefix_line)sFTP LOGIN FAILED FROM <HOST>,\s*.*$
+
+
+#  \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[\S+\] to \S+:\S+$
+#     \(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): Incorrect password\.$
+#     \(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: \S+ login attempted\.$
+#     \(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded$
+
+# May 28 15:11:53 freebsd4 ftpd[26191]: FTP LOGIN FAILED FROM freebsd4, dsf
+#
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =