Menu
▾
▴
[Fail2ban-users] GSSFTPD filter
|
From: Zembower, K. <kze...@jh...> - 2008-03-31 16:17:41
|
In case anyone's interested, I created this filter for GSSFTPD:
[root@tobacco fail2ban]# cat filter.d/gssftpd.conf
# Fail2Ban configuration file for wuftpd
#
# Author: Kevin Zembower (copied from wsftpd.conf)
#
# $Revision: 1 $
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT
#
failregex = ftpd(?:\[\d+\])?:\s+repeated login failures from <HOST>
\(\S+\)$
[root@tobacco fail2ban]#
I added this section to /etc/fail2ban/jail.conf to accommodate it:
[gssftpd-iptables]
enabled = true
filter = gssftpd
action = iptables[name=GSSFTPD, port=ftp, protocol=tcp]
sendmail-whois[name=GSSFTPD, dest=yo...@ma...]
logpath = /var/log/messages
maxretry = 3
Feel free to incorporate these into a future release of fail2ban, if
desired.
-Kevin
Kevin Zembower
Internet Services Group manager
Center for Communication Programs
Bloomberg School of Public Health
Johns Hopkins University
111 Market Place, Suite 310
Baltimore, Maryland 21202
410-659-6139
|