View file File name : vsftpd.conf Content :# Fail2Ban filter for vsftp # # Configure VSFTP for "dual_log_enable=YES", and have fail2ban watch # /var/log/vsftpd.log instead of /var/log/secure. vsftpd.log file shows the # incoming ip address rather than domain names. [INCLUDES] before = common.conf [Definition] __pam_re=\(?%(__pam_auth)s(?:\(\S+\))?\)?:? _daemon = vsftpd failregex = ^%(__prefix_line)s%(__pam_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=(ftp)? ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$ ^ \[pid \d+\] \[[^\]]+\] FAIL LOGIN: Client "<HOST>"(?:\s*$|,) ignoreregex = # Author: Cyril Jaquier # Documentation from fail2ban wiki