Diffstat (limited to 'config/filter.d/proftpd.conf')
-rw-r--r-- | config/filter.d/proftpd.conf | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/config/filter.d/proftpd.conf b/config/filter.d/proftpd.conf
index a7bd2837..71f2ba73 100644
--- a/config/filter.d/proftpd.conf
+++ b/config/filter.d/proftpd.conf
@@ -1,4 +1,4 @@
-# Fail2Ban fitler for the Proftpd FTP daemon
+# Fail2Ban filter for the Proftpd FTP daemon
 #
 # Set "UseReverseDNS off" in proftpd.conf to avoid the need for DNS.
 # See: http://www.proftpd.org/docs/howto/DNS.html
@@ -14,16 +14,15 @@ before = common.conf
 _daemon = proftpd
-__suffix_failed_login = (User not authorized for login|No such user found|Incorrect password|Password expired|Account disabled|Invalid shell: '\S+'|User in \S+|Limit (access|configuration) denies login|Not a UserAlias|maximum login length exceeded).?
+__suffix_failed_login = ([uU]ser not authorized for login|[nN]o such user found|[iI]ncorrect password|[pP]assword expired|[aA]ccount disabled|[iI]nvalid shell: '\S+'|[uU]ser in \S+|[lL]imit (access|configuration) denies login|[nN]ot a UserAlias|[mM]aximum login length exceeded)
-prefregex = ^%(__prefix_line)s%(__hostname)s \(\S+\[<HOST>\]\)[: -]+ <F-CONTENT>(?:USER|SECURITY|Maximum).+</F-CONTENT>$
+prefregex = ^%(__prefix_line)s%(__hostname)s \(\S+\[<HOST>\]\)[: -]+ <F-CONTENT>(?:USER|SECURITY|Maximum) .+</F-CONTENT>$
-failregex = ^USER .*: no such user found from \S+ \[\S+\] to \S+:\S+ *$
- ^USER .* \(Login failed\): %(__suffix_failed_login)s\s*$
- ^SECURITY VIOLATION: .* login attempted\. *$
- ^Maximum login attempts \(\d+\) exceeded *$
+failregex = ^USER <F-USER>\S+|.*?</F-USER>(?: \(Login failed\))?: %(__suffix_failed_login)s
+ ^SECURITY VIOLATION: <F-USER>\S+|.*?</F-USER> login attempted
+ ^Maximum login attempts \(\d+\) exceeded
 ignoreregex = |
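Review bot: The three new `failregex` lines in the second hunk drop their end anchors (`\s*$`, `\. *$`, ` *$`) without a comment saying why. Combined with the `.*?` branch of `<F-USER>`, the first pattern now accepts any `USER ` line in which a failure phrase follows `: `, including a phrase carried inside a client-supplied login name. The banned address is still the one bound by `<HOST>` in `prefregex`, ahead of `<F-CONTENT>`, so a crafted name should only be able to trigger a match against its own sender; that invariant is worth writing down so a later edit does not move `<HOST>` into the open tail. I would add above `failregex`: `# Patterns are left open at the end on purpose (covers "... found from H [IP] to IP:PORT"); <HOST> is bound in prefregex, before the client-supplied user name.` The captured `<F-USER>` value is client-controlled text and anything consuming it should treat it as untrusted; the section these options belong to starts above the hunk.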