Regular expression: ProFTPD authentication log
I've configured ProFTPD to log all authentications on a Plesk powered server. This setting is not set by default since Plesk 10 (whyever...). I want to configure fail2ban to detect unsuccessful login attempts for brute-force prevention.
/etc/proftpd.include:
ExtendedLog /var/log/proftpd/auth.log AUTH auth
LogFormat auth "%v [%h] %s"
Example of unsuccessful login (530):
/var/log/proftpd/auth.log:
ProFTPD [12.89.47.3] 331
ProFTPD [12.89.47.3] 530
What's the correct regexp for fail2ban? My configuration seems not to match the pattern:
/etc/fail2ban/filter.d/proftpd.conf:
failregex = ProFTPD(.)+\[<HOST>\] 530$
<HOST> seems to be a fail2ban variable, and $ ends a rule (if you want to set several rules inside the failregex = variable).
Comments (1)
For me the following is working on Plesk 10.4.
proftpd.include:
/etc/fail2ban/filter.d/proftpd.conf:
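An offline check of the question's failregex against its log format, as an added example that is not code from the question or the answer. `HOST_GROUP` is a simplified stand-in for fail2ban's `<HOST>` expansion, the `[Definition]` wrapper and all log lines after the first two are constructed, and only the regex is tested; fail2ban's own date detection is not modeled.

```python
import configparser
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> expansion (assumption: IPv4/hostname only).
HOST_GROUP = r"(?P<host>[\w\-.]+)"

# failregex as posted in the question, wrapped in a filter file's [Definition] section.
FILTER_CONF = r"""
[Definition]
failregex = ProFTPD(.)+\[<HOST>\] 530$
"""

# First two lines are from the question; the rest are constructed sample data.
SAMPLE_LOG = """\
ProFTPD [12.89.47.3] 331
ProFTPD [12.89.47.3] 530
ProFTPD [203.0.113.7] 331
ProFTPD [203.0.113.7] 530
ProFTPD [203.0.113.7] 530
ProFTPD [203.0.113.7] 530
ProFTPD [198.51.100.9] 331
ProFTPD [198.51.100.9] 230
""".splitlines()


def load_failregex(conf_text):
    """Return compiled patterns, one per line of the (possibly multi-line) failregex value."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    raw = parser["Definition"]["failregex"]
    return [re.compile(line.strip().replace("<HOST>", HOST_GROUP))
            for line in raw.splitlines() if line.strip()]


def failed_hosts(log_lines, patterns):
    """Count failure lines per host; a line counts once even if several rules match."""
    hits = Counter()
    for line in log_lines:
        for pattern in patterns:
            match = pattern.search(line.rstrip())
            if match:
                hits[match.group("host")] += 1
                break
    return hits


def hosts_over_limit(hits, maxretry=3):
    """Hosts whose failure count reaches maxretry, the jail's ban threshold."""
    return sorted(host for host, count in hits.items() if count >= maxretry)
```

On the server, `fail2ban-regex /var/log/proftpd/auth.log /etc/fail2ban/filter.d/proftpd.conf` runs the filter against the real log with fail2ban's own matching.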