blob: d95f96b46696cccb3c8271589b01ece0cfdc6a6e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
# Fail2Ban filter for dante
#
# Make sure you have "log: error" set in your "client pass" directive
#
[INCLUDES]
before = common.conf
[Definition]
_daemon = danted
failregex = ^%(__prefix_line)sinfo: block\(1\): tcp/accept \]: <HOST>\.\d+ [\d.]+: error after reading \d+ bytes? in \d+ seconds?: (could not access user "\w+"'s records in the system password file: no system error|system password authentication failed for user "\w+")$
[Init]
journalmatch = _SYSTEMD_UNIT=danted.service
|
