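# Fail2Ban configuration file
# for Oracle IMS with XML logging
#
# Author: Joel Snyder/jms@opus1.com/2014-June-01
#
#

[INCLUDES]

# Read common prefixes.
# If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

# Option:  failregex
# Notes.:  regex to match the password failures messages
#          in the logfile. The host must be matched by a
#          group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is
#          only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
#
# CONFIGURATION REQUIREMENTS FOR ORACLE IMS v6 and ABOVE:
#
# In OPTION.DAT you must have LOG_FORMAT=4 and
# bit 5 of LOG_CONNECTION must be set.
#
# Many of these sub-fields are optional and can be turned on and off
# by the system manager.  We need the "tr" field
# (transport information (present if bit 5 of LOG_CONNECTION is
# set and transport information is available)).
# "di" should be there by default if you have LOG_FORMAT=4.
# Do not use "mi" as this is not included by default.
#
# NOTE(review): the failregex below nevertheless requires the literal
# attribute mi="Bad password" between "ap" and "us", so a record that
# lacks "mi" will never match and the offending address will not be
# banned.  Confirm that your logging configuration emits it.
#
# Typical line IF YOU ARE USING TAGGING ! ! ! is:
#
# (The original sample line is not available in this copy.  The fragment
# below is a constructed illustration of the tail of a record that the
# regex anchors on; the addresses are documentation ranges, not real data.)
#
#   ... tr="TCP|192.0.2.10|25|198.51.100.7|40123" ap="SMTP" mi="Bad password" us="user@example.com" di="535 5.7.8 Bad username or password (Authentication failed)."/>
#
# Format is generally documented in the PORT_ACCESS mapping
# at http://docs.oracle.com/cd/E19563-01/819-4428/bgaur/index.html
#
# All that would be on one line.
# Note that you MUST have LOG_FORMAT=4 for this to work!
#
# How the regex reads the "tr" field (pipe-separated):
#   [A-Z]+   transport name
#   [0-9.]+  first address -- digits and dots only, so a record whose
#            first address is IPv6 will not match
#   \d+      first port
#   <HOST>   the address fail2ban will ban; presumably the client side
#            of the connection per the PORT_ACCESS format -- verify
#            against a real log line before enabling a ban action
#   \d+      second port
# Every later attribute is matched as a quoted [^"]* value and the
# pattern is anchored on the closing "/>" at end of line, so <HOST> is
# only ever taken from inside the tr="..." attribute.
#
failregex = ^.*tr="[A-Z]+\|[0-9.]+\|\d+\|<HOST>\|\d+" ap="[^"]*" mi="Bad password" us="[^"]*" di="535 5.7.8 Bad username or password( \(Authentication failed\))?\."/>$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =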