samwiseetc/fail2ban/filter.d/monit.conf

# Fail2Ban filter for monit.conf, looks for failed access attempts
#
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

_daemon = monit

# Regexp for previous (accessing monit httpd) and new (access denied) versions
failregex = ^\[[A-Z]+\s+\]\s*error\s*:\s*Warning:\s+Client '<HOST>' supplied (?:unknown user '[^']+'|wrong password for user '[^']*') accessing monit httpd$
            ^%(__prefix_line)s\w+: access denied -- client <HOST>: (?:unknown user '[^']+'|wrong password for user '[^']*'|empty password)$

# Ignore login with empty user (first connect, no user specified)
# ignoreregex = %(__prefix_line)s\w+: access denied -- client <HOST>: (?:unknown user '')
ignoreregex =
Initial commit 7 years ago			`# Fail2Ban filter for monit.conf, looks for failed access attempts`
			`#`
			`#`

			`[INCLUDES]`

			`# Read common prefixes. If any customizations available -- read them from`
			`# common.local`
			`before = common.conf`

			`[Definition]`

			`_daemon = monit`

			`# Regexp for previous (accessing monit httpd) and new (access denied) versions`
			`failregex = ^\[[A-Z]+\s+\]\serror\s:\sWarning:\s+Client '<HOST>' supplied (?:unknown user '[^']+'\|wrong password for user '[^']') accessing monit httpd$`
			`^%(__prefix_line)s\w+: access denied -- client <HOST>: (?:unknown user '[^']+'\|wrong password for user '[^']*'\|empty password)$`

			`# Ignore login with empty user (first connect, no user specified)`
			`# ignoreregex = %(__prefix_line)s\w+: access denied -- client <HOST>: (?:unknown user '')`
			`ignoreregex =`