Regexp: ProFTPD auth-logs


I've configured ProFTPD to log all authentications on a Plesk-powered server. This setting has not been set by default since Plesk 10 (for whatever reason...). I want to configure fail2ban to detect unsuccessful login attempts for brute-force prevention.

/etc/proftpd.include:

ExtendedLog         /var/log/proftpd/auth.log AUTH auth 
LogFormat           auth "%v [%h] %s"

Example of an unsuccessful login (530):

/var/log/proftpd/auth.log:

ProFTPD [12.89.47.3] 331
ProFTPD [12.89.47.3] 530

What's the correct regexp for fail2ban? My configuration does not seem to match the pattern:

/etc/fail2ban/filter.d/proftpd.conf:

failregex = ProFTPD(.)+\[<HOST>\] 530$

<HOST> seems to be a fail2ban variable, and $ ends a rule (if you want to set several rules inside the failregex = variable).

There is 1 answer

Ralf (best answer)

For me the following is working on Plesk 10.4.

proftpd.include:

ExtendedLog         /var/log/proftpd/auth.log AUTH auth
LogFormat           auth "%v %t \"%r\" [%h] %s"

/etc/fail2ban/filter.d/proftpd.conf:

failregex = \[<HOST>\]\s+530$
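
Both filters on this page can be checked offline against sample lines in each LogFormat. The following is an added example, not code from the question or the answer: the `HOST` pattern is a simplified stand-in for fail2ban's `<HOST>` tag, the log lines are constructed, and the function names are made up for illustration.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 address or
# hostname only; the real tag expands to a broader pattern).
HOST = r"(?P<host>(?:\d{1,3}\.){3}\d{1,3}|[\w.-]+)"

QUESTION_REGEX = r"ProFTPD(.)+\[<HOST>\] 530$"  # failregex from the question
ANSWER_REGEX = r"\[<HOST>\]\s+530$"             # failregex from the answer

# Constructed lines in the question's format: LogFormat auth "%v [%h] %s"
QUESTION_LOG = """\
ProFTPD [12.89.47.3] 331
ProFTPD [12.89.47.3] 530
"""

# Constructed lines in the answer's format: "%v %t \"%r\" [%h] %s".
# The last line carries bracketed text inside the client-supplied %r field;
# the trailing $ keeps the match on the server-written [%h] %s fields.
ANSWER_LOG = """\
ProFTPD [10/Oct/2012:13:55:35 +0200] "USER bob" [12.89.47.3] 331
ProFTPD [10/Oct/2012:13:55:36 +0200] "PASS (hidden)" [12.89.47.3] 530
ProFTPD [10/Oct/2012:13:55:38 +0200] "PASS (hidden)" [12.89.47.3] 530
ProFTPD [10/Oct/2012:13:55:40 +0200] "PASS (hidden)" [12.89.47.3] 530
ProFTPD [10/Oct/2012:13:56:01 +0200] "USER alice" [198.51.100.7] 331
ProFTPD [10/Oct/2012:13:56:02 +0200] "PASS (hidden)" [198.51.100.7] 230
ProFTPD [10/Oct/2012:13:56:30 +0200] "USER [203.0.113.9] 530" [198.51.100.20] 331
"""


def failures_by_host(failregex, log_text):
    """Count lines matched by failregex, keyed by the captured host."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    hits = Counter()
    for line in log_text.splitlines():
        m = rx.search(line)
        if m:
            hits[m.group("host")] += 1
    return hits


def hosts_to_ban(failregex, log_text, maxretry=3):
    """Hosts with at least maxretry matched failures (mirrors a jail's maxretry)."""
    counts = failures_by_host(failregex, log_text)
    return sorted(h for h, n in counts.items() if n >= maxretry)
```

This checks only the failregex; fail2ban additionally has to find a timestamp in each log line, which this sketch does not model. The `fail2ban-regex` tool, given the log file and the filter file, tests the installed filter itself.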