# Fail2Ban filter for webmin
#

[INCLUDES]

before = common.conf

[Definition]

_daemon = webmin

failregex = ^%(__prefix_line)sNon-existent login as .+ from <HOST>\s*$
            ^%(__prefix_line)sInvalid login as .+ from <HOST>\s*$

ignoreregex = 

# DEV Notes:
#
# pattern :     webmin[15673]: Non-existent login as toto from 86.0.6.217
#               webmin[29544]: Invalid login as root from 86.0.6.217
#
# Rule Author: Delvit Guillaume