From: Zembower, K. <kze...@jh...> - 2008-03-31 16:17:41
|
In case anyone's interested, I created this filter for GSSFTPD: [root@tobacco fail2ban]# cat filter.d/gssftpd.conf # Fail2Ban configuration file for wuftpd # # Author: Kevin Zembower (copied from wsftpd.conf) # # $Revision: 1 $ # [Definition] # Option: failregex # Notes.: regex to match the password failures messages in the logfile. # Values: TEXT # failregex = ftpd(?:\[\d+\])?:\s+repeated login failures from <HOST> \(\S+\)$ [root@tobacco fail2ban]# I added this section to /etc/fail2ban/jail.conf to accommodate it: [gssftpd-iptables] enabled = true filter = gssftpd action = iptables[name=GSSFTPD, port=ftp, protocol=tcp] sendmail-whois[name=GSSFTPD, dest=yo...@ma...] logpath = /var/log/messages maxretry = 3 Feel free to incorporate these into a future release of fail2ban, if desired. -Kevin Kevin Zembower Internet Services Group manager Center for Communication Programs Bloomberg School of Public Health Johns Hopkins University 111 Market Place, Suite 310 Baltimore, Maryland 21202 410-659-6139 |