View Single Post
  #13  
Old 9th November 2010, 16:59
Toxin Toxin is offline
Junior Member
 
Join Date: Oct 2010
Posts: 11
Thanks: 0
Thanked 1 Time in 1 Post
Default

Here it is:

Code:
[root@skynet ~]# ls -la /etc/fail2ban/filter.d/
total 116
drwxr-xr-x 2 root root 4096 30 juil. 17:41 .
drwxr-xr-x 4 root root 4096 30 juil. 17:41 ..
-rw-r--r-- 1 root root  711  8 févr.  2009 apache-auth.conf
-rw-r--r-- 1 root root 2396  5 mars   2008 apache-badbots.conf
-rw-r--r-- 1 root root  628 13 oct.   2008 apache-nohome.conf
-rw-r--r-- 1 root root  763  8 févr.  2009 apache-noscript.conf
-rw-r--r-- 1 root root  444  5 mars   2008 apache-overflows.conf
-rw-r--r-- 1 root root 1039  8 févr.  2009 common.conf
-rw-r--r-- 1 root root  616  8 févr.  2009 courierlogin.conf
-rw-r--r-- 1 root root  591  8 févr.  2009 couriersmtp.conf
-rw-r--r-- 1 root root 1012  8 févr.  2009 cyrus-imap.conf
-rw-r--r-- 1 root root  613  8 févr.  2009 exim.conf
-rw-r--r-- 1 root root  447 22 mai    2008 gssftpd.conf
-rw-r--r-- 1 root root  397 30 août   2009 lighttpd-fastcgi.conf
-rw-r--r-- 1 root root 1013  9 févr.  2009 named-refused.conf
-rw-r--r-- 1 root root  870 22 mai    2008 pam-generic.conf
-rw-r--r-- 1 root root  867 30 août   2009 php-url-fopen.conf
-rw-r--r-- 1 root root  591  8 févr.  2009 postfix.conf
-rw-r--r-- 1 root root  878  8 févr.  2009 proftpd.conf
-rw-r--r-- 1 root root  886  8 nov.  10:19 pure-ftpd.conf
-rw-r--r-- 1 root root  606  8 févr.  2009 qmail.conf
-rw-r--r-- 1 root root  679  8 févr.  2009 sasl.conf
-rw-r--r-- 1 root root  581  3 févr.  2009 sieve.conf
-rw-r--r-- 1 root root 1648  8 févr.  2009 sshd.conf
-rw-r--r-- 1 root root  627  8 févr.  2009 sshd-ddos.conf
-rw-r--r-- 1 root root  700  8 févr.  2009 vsftpd.conf
-rw-r--r-- 1 root root  827  8 févr.  2009 webmin-auth.conf
-rw-r--r-- 1 root root  437 22 mai    2008 wuftpd.conf
-rw-r--r-- 1 root root  848  8 févr.  2009 xinetd-fail.conf
[root@skynet ~]#

Contents of pure-ftp.conf
Code:
[root@skynet ~]# cat /etc/fail2ban/filter.d/pure-ftpd.conf
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
# Modified: Yaroslav Halchenko for pure-ftpd
#
# $Revision: 3$
#

[Definition]

# Error message specified in multiple languages
__errmsg = (?:Authentication failed for user|Erreur d'authentification pour l'utilisateur)

#
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
#         host must be matched by a group named "host". The tag "<HOST>" can
#         be used for standard IP/hostname matching and is only an alias for
#         (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#failregex = pure-ftpd(?:\[\d+\])?: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$
failregex = pure-ftpd(?:\[\d+\])?: \(.+?@<HOST>\) \[WARNING\] %(__errmsg)s \[.+\]$


# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

[root@skynet ~]#
cat /etc/fail2ban/filter.d/pure-ftpd.conf
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
# Modified: Yaroslav Halchenko for pure-ftpd
#
# $Revision: 3$
#

[Definition]

# Error message specified in multiple languages
__errmsg = (?:Authentication failed for user|Erreur d'authentification pour l'utilisateur)

#
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
#         host must be matched by a group named "host". The tag "<HOST>" can
#         be used for standard IP/hostname matching and is only an alias for
#         (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#failregex = pure-ftpd(?:\[\d+\])?: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$
failregex = pure-ftpd(?:\[\d+\])?: \(.+?@<HOST>\) \[WARNING\] %(__errmsg)s \[.+\]$


# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

[root@skynet ~]#

Last edited by Toxin; 9th November 2010 at 17:02. Reason: add of pure-ftp.conf
Reply With Quote