view common/fail2ban/ibb-sshd-bad-user.conf @ 203:6813609829e3 puppet-3.6

Blacklist more usernames no-one will ever log in with
author IBBoard <dev@ibboard.co.uk>
date Wed, 29 May 2019 19:51:42 +0100
parents 80b2fdd7ddfd
children ef5dadecfb0b
line wrap: on
line source

# Fail2Ban configuration file
# Author: IBBoard

[Definition]

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
failregex = Failed password for invalid user ([0-9a-z][0-9a-z]?|ec2-user|postgres|oracle|nagios|git(olit|lab)?|ftpuser|hadoop|zabbix|student|ubuntu|teamspeak3?|ts3(server|bot)?|jsboss|guest|csgo(server|srv)|minecraft|tomcat|applmgr|usuario|nexus|weblogic|vagrant|zimbra|jira|vyatta|qhsupport|cemergen|redmine|sinusbot|debian|asterisk|aptproxy|facebook|linode|kodi|mongodb|oraprod|proftpd|weblogic|harvard|www(admin|run|user)|uuu|sshd[0-9]*|squid|write|rpcuser|WinD3str0y|sshusr|devteam|gmail|inssftp|master|nfsnobody) from <HOST> port [0-9]+ ssh2

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =