/
etc
/
fail2ban
/
filter.d
/
Upload File
HOME
# Fail2Ban filter for monit.conf, looks for failed access attempts # # [INCLUDES] # Read common prefixes. If any customizations available -- read them from # common.local before = common.conf # [DEFAULT] # logtype = short [Definition] _daemon = monit _prefix = Warning|HttpRequest # Regexp for previous (accessing monit httpd) and new (access denied) versions failregex = ^%(__prefix_line)s(?:error\s*:\s+)?(?:%(_prefix)s):\s+(?:access denied\s+--\s+)?[Cc]lient '?<HOST>'?(?:\s+supplied|\s*:)\s+(?:unknown user '<F-ALT_USER>[^']+</F-ALT_USER>'|wrong password for user '<F-USER>[^']*</F-USER>'|empty password) # Ignore login with empty user (first connect, no user specified) # ignoreregex = %(__prefix_line)s\w+: access denied -- client <HOST>: (?:unknown user '') ignoreregex =