add vsftpd filter to fail2ban

28b2bf28 · Vitaly Lipatov · 5bd6cbf7 · 28b2bf28 · 28b2bf28
Commit 28b2bf28 authored Feb 17, 2014 by Vitaly Lipatov
Hide whitespace changes
Inline Side-by-side

Showing with 28 additions and 0 deletions

vsftpd.conf fail2ban/filter.d/vsftpd.conf +26 -0

vsftpd fail2ban/test.d/vsftpd +2 -0

No files found.
--- a/fail2ban/filter.d/vsftpd.conf
+++ b/fail2ban/filter.d/vsftpd.conf
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision$
+#
+[Definition]
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values: TEXT
+#
+failregex = vsftpd(?:\(pam_unix\))?(?:\[\d+\])?:.* authentication failure; .* rhost=<HOST>(?:\s+user=\S*)?\s*$
+            \[.+\] FAIL LOGIN: Client "<HOST>"\s*$
+            FTP response: Client "<HOST>", "530 
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex = 
--- a/fail2ban/test.d/vsftpd
+++ b/fail2ban/test.d/vsftpd
 Wed Oct  9 12:14:45 2013 [pid 16470] [ftpkoochy] FAIL LOGIN: Client "95.32.141.118"
+Fri Dec 20 14:00:29 2013 [pid 25595] [changeme] FTP response: Client "190.81.24.243", "530 Permission denied."
+Fri Dec 20 13:27:17 2013 [pid 29637] [azbyka] FTP response: Client "190.81.24.243", "530 Login incorrect."