# Fail2Ban configuration file for generic PAM authentication errors # [INCLUDES] before = common.conf [Definition] # if you want to catch only login errors from specific daemons, use something like #_ttys_re=(?:ssh|pure-ftpd|ftp) # # Default: catch all failed logins _ttys_re=\S* __pam_re=\(?%(__pam_auth)s(?:\(\S+\))?\)?:? _daemon = \S+ prefregex = ^%(__prefix_line)s%(__pam_re)s\s+authentication failure;(?:\s+(?:(?:logname|e?uid)=\S*)){0,3} tty=%(_ttys_re)s .+$ failregex = ^ruser=(?:\S*|.*?) rhost=(?:\s+user=(?:\S*|.*?))?\s*$ ignoreregex = datepattern = {^LN-BEG} # DEV Notes: # # for linux-pam before 0.99.2.0 (late 2005) (removed before 0.8.11 release) # _daemon = \S*\(?pam_unix\)? # failregex = ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=%(_ttys_re)s ruser=\S* rhost=(?:\s+user=.*)?\s*$ # # Author: Yaroslav Halchenko