22 lines
767 B
Plaintext
22 lines
767 B
Plaintext
|
# Fail2Ban filter for monit.conf, looks for failed access attempts
|
||
|
#
|
||
|
#
|
||
|
|
||
|
[INCLUDES]
|
||
|
|
||
|
# Read common prefixes. If any customizations available -- read them from
|
||
|
# common.local
|
||
|
before = common.conf
|
||
|
|
||
|
[Definition]
|
||
|
|
||
|
_daemon = monit
|
||
|
|
||
|
# Regexp for previous (accessing monit httpd) and new (access denied) versions
|
||
|
failregex = ^\[\s*\]\s*error\s*:\s*Warning:\s+Client '<HOST>' supplied (?:unknown user '[^']+'|wrong password for user '[^']*') accessing monit httpd$
|
||
|
^%(__prefix_line)s\w+: access denied -- client <HOST>: (?:unknown user '[^']+'|wrong password for user '[^']*'|empty password)$
|
||
|
|
||
|
# Ignore login with empty user (first connect, no user specified)
|
||
|
# ignoreregex = %(__prefix_line)s\w+: access denied -- client <HOST>: (?:unknown user '')
|
||
|
ignoreregex =
|