mirror of
https://github.com/jrbrtsn/ban2fail
# By default, no offenses are tolerated; the MAX_OFFENSES blocks below relax this for the addresses they match.
# Lighten up a little for home boys
MAX_OFFENSES 5 {
COUNTRY= US
}
# GeoIP doesn't know the location of every IP address
MAX_OFFENSES 3 {
COUNTRY= unknown
IP= 46.20.2.158
}
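# This is your whitelist: addresses listed under MAX_OFFENSES -1 are never blocked.
# Keep it to hosts you control, and revisit it when an address is reassigned.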
MAX_OFFENSES -1 {
# me from home
IP= 205.144.171.37
# Some user
IP= 173.236.196.36
}
LOGTYPE auth {
DIR= /var/log
PREFIX= auth.log
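# NOTE(review): every capture group in this file is ([0-9.]+), so only dotted IPv4 addresses are
# extracted; a failure logged with an IPv6 source will not match these patterns.
# imapd[20193]: Login failed user=hollingsworth@robertsonoptical.com auth=hollingsworth@robertsonoptical.com host=[186.179.170.12]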
REGEX= imapd.*Login failed.*\[([0-9.]+)\]$
# sshd[6165]: Failed password for invalid user user from 185.224.137.201 port 44865 ssh2
REGEX= sshd.*Failed password.*from ([0-9.]+) port [0-9]+ ssh2$
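# Unable to negotiate with 193.188.22.188 port ...
# NOTE(review): this pattern names no daemon and has no end anchor, so it matches the phrase anywhere
# in an auth.log line, including inside a field that echoes client-supplied text; such a line would
# charge the offense to whatever address follows the phrase. Prefixing the pattern with the sshd tag,
# as the sshd pattern above does, would narrow it.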
REGEX= Unable to negotiate with ([0-9.]+) port
# in.qpopper[14962]: pam_unix(qpopper:auth): authentication failure; logname= uid=0 euid=0 tty=96.89.83.1
REGEX= in\.qpopper.*authentication failure.*tty=([0-9.]+)
}
LOGTYPE exim4 {
DIR= /var/log/exim4
PREFIX= mainlog
# cram_md5_server authenticator failed for ([78.128.113.121]) [78.128.113.121]
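# cram_md5_server authenticator failed for (swim.diverseenvironment.com.) [185.211.245.198]
# NOTE(review): the greedy .* makes the capture the last [dotted-number] group on the line. The text
# in parentheses is the name the client announced, and anything logged after the peer address is
# searched too, so confirm on real log lines that the captured value is always the connecting address.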
REGEX= [[:alnum:]_]+ authenticator failed for .*\[([0-9.]+)\]
# 2019-11-15 00:08:25 SMTP protocol error in "AUTH LOGIN" H=(User) [193.56.28.176] LOGIN authentication mechanism not supported
REGEX= \[([0-9.]+)\] [[:alnum:]_]+ authentication mechanism not supported
# 2019-11-20 03:44:51 1iXLbX-0000ZX-F8 <= kirsten@rrci.com H=(rrci.com) [171.244.140.160] P=esmtpa A=cram_md5_server:kirsten S=2742 id=9857581066.20191120084450@rrci.com
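# 2019-11-20 18:21:15 1iXZHe-0002fZ-W8 <= kirsten@rrci.com H=035-133-139-132.res.spectrum.com ([192.168.1.29]) [35.133.139.132] P=esmtpsa X=TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128 CV=no A=plain_server:kirsten S=703 id=e8478681-4fc5-75d8-7328-52f534956d65@rrci.com
# NOTE(review): the two sample lines above are accepted, authenticated submissions (<= ... A=..._server:user),
# not failures, so the pattern below counts every authenticated sender address as an offense, presumably
# to surface logins from unexpected locations. Legitimate users then depend on the whitelist or a
# COUNTRY allowance above to avoid being blocked.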
REGEX= \[([0-9.]+)\].*A=[[:alnum:]_]+_server:
}