Bug#513953: additional filters

[Jan Wagner]

Package: fail2ban
Version: 0.8.3-3
Severity: wishlist
Tags: patch

Hi Yaroslav,

maybe you will have a look into the following filter templates, which I'm 
using with 0.8.3-1~bpo40+1 since some time.

Thanks and with kind regards, Jan.
-- 
Never write mail to <w...@spamfalle.info>, you have been warned!
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GIT d-- s+: a- C+++ UL++++ P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE
Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++
------END GEEK CODE BLOCK------

# Fail2Ban configuration file
#
# Author: Jan Wagner <w...@cyconet.org>
#
# $Revision: 551 $
#

[Definition]

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values:  TEXT
#
failregex = : badlogin: .*\[<HOST>\] plaintext .*SASL\(-13\): authentication 
failure: checkpass failed$
            : badlogin: .*\[<HOST>\] LOGIN \[SASL\(-13\): authentication 
failure: checkpass failed\]$
            : badlogin: .*\[<HOST>\] (?:CRAM-MD5|NTLM) \[SASL\(-13\): 
authentication failure: incorrect (?:digest|NTLM) response\]$
            : badlogin: .*\[<HOST>\] DIGEST-MD5 \[SASL\(-13\): authentication 
failure: client response doesn't match what we generated\]$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex = 

# Fail2Ban configuration file
#
# Author: Jan Wagner <w...@cyconet.org>
#
# $Revision: 331 $
#

[Definition]

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching.
# Values: TEXT
#
failregex = : badlogin: .*\[<HOST>\] (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) 
authentication failure$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex = 

pgpuPlywzSZwL.pgp
Description: PGP signature