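# Fail2Ban filter for dante
#
# Make sure you have "log: error" set in your "client pass" directive
#

[INCLUDES]

# common.conf supplies __prefix_line, which is interpolated into failregex below.
before = common.conf

[Definition]

# Daemon name that __prefix_line uses to match the syslog tag of each log line.
_daemon = danted

# Matches danted log lines for a client whose user lookup or system password
# authentication failed.
# <HOST> marks the client address that fail2ban acts on. Without it the pattern
# captures no address, and "\]: \.\d+" cannot match a real "address.port" field.
# The pattern is anchored at the start of the line and <HOST> comes before the
# quoted user name, which the client supplies, so text in the user name cannot
# move the captured address.
# NOTE(review): block\(1\) matches only rule number 1; confirm that this is the
# rule number danted logs for the rule in your configuration.
failregex = ^%(__prefix_line)sinfo: block\(1\): tcp/accept \]: <HOST>\.\d+ [\d.]+: error after reading \d+ bytes? in \d+ seconds?: (?:could not access |system password authentication failed for )user "[^"]+"

[Init]

# With the systemd backend, read only journal entries from the danted unit.
journalmatch = _SYSTEMD_UNIT=danted.service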