Fail2Ban

Email Archive: fail2ban-commit (read-only)

2006:	_Jan	_Feb	_Mar	_Apr	_May	_Jun	_Jul (1)	_Aug (1)	_Sep	_Oct	_Nov	_Dec (24)
2007:	_Jan (31)	_Feb (17)	_Mar (14)	_Apr (5)	_May (14)	_Jun (8)	_Jul (9)	_Aug (14)	_Sep (4)	_Oct (5)	_Nov (3)	_Dec (14)
2008:	_Jan (6)	_Feb (5)	_Mar (29)	_Apr (6)	_May (12)	_Jun	_Jul (5)	_Aug (7)	_Sep	_Oct (5)	_Nov	_Dec
2009:	_Jan (7)	_Feb (8)	_Mar	_Apr	_May	_Jun	_Jul	_Aug (17)	_Sep (6)	_Oct	_Nov	_Dec (2)
2010:	_Jan	_Feb	_Mar (1)	_Apr	_May (1)	_Jun (3)	_Jul	_Aug	_Sep (4)	_Oct	_Nov	_Dec
2011:	_Jan	_Feb	_Mar (10)	_Apr	_May (1)	_Jun (2)	_Jul (3)	_Aug (9)	_Sep (1)	_Oct	_Nov	_Dec

[Fail2ban-commit] SF.net SVN: fail2ban:[774] branches/FAIL2BAN-0_8/config/filter.d/proftpd. conf

From: <yarikoptic@us...> - 2011-03-23 20:37

Revision: 774
          http://fail2ban.svn.sourceforge.net/fail2ban/?rev=774&view=rev
Author:   yarikoptic
Date:     2011-03-23 20:37:10 +0000 (Wed, 23 Mar 2011)

Log Message:
-----------
BF: Allow for trailing spaces in proftpd logs

See http://bugs.debian.org/507986

Modified Paths:
--------------
    branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf

Modified: branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf	2011-03-23 20:37:00 UTC (rev 773)
+++ branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf	2011-03-23 20:37:10 UTC (rev 774)
@@ -14,10 +14,10 @@
 #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values: TEXT
 #
-failregex = \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[\S+\] to \S+:\S+$
-            \(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): Incorrect password\.$
-            \(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: \S+ login attempted\.$
-            \(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded$
+failregex = \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[\S+\] to \S+:\S+ *$
+            \(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): Incorrect password\. *$
+            \(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: \S+ login attempted\. *$
+            \(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded *$
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

[Fail2ban-commit] SF.net SVN: fail2ban:[775] branches/FAIL2BAN-0_8/config/filter.d/proftpd. conf

From: <yarikoptic@us...> - 2011-03-23 20:37

Revision: 775
          http://fail2ban.svn.sourceforge.net/fail2ban/?rev=775&view=rev
Author:   yarikoptic
Date:     2011-03-23 20:37:19 +0000 (Wed, 23 Mar 2011)

Log Message:
-----------
BF: proftpd filter -- if login failed -- count regardless of the reason for failure

Modified Paths:
--------------
    branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf

Modified: branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf
===================================================================
--- branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf	2011-03-23 20:37:10 UTC (rev 774)
+++ branches/FAIL2BAN-0_8/config/filter.d/proftpd.conf	2011-03-23 20:37:19 UTC (rev 775)
@@ -15,7 +15,7 @@
 # Values: TEXT
 #
 failregex = \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[\S+\] to \S+:\S+ *$
-            \(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): Incorrect password\. *$
+            \(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): .*$
             \(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: \S+ login attempted\. *$
             \(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded *$
 


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.