Edit file File name : froxlor-auth.conf Content :# Fail2Ban configuration file to block repeated failed login attempts to Frolor installation(s) # # Froxlor needs to log to Syslog User (e.g. /var/log/user.log) with one of the following messages # <syslog prefix> Froxlor: [Login Action <HOST>] Unknown user '<USER>' tried to login. # <syslog prefix> Froxlor: [Login Action <HOST>] User '<USER>' tried to login with wrong password. # # Author: Joern Muehlencord # [INCLUDES] # Read common prefixes. If any customizations available -- read them from # common.local before = common.conf [Definition] _daemon = Froxlor # Option: failregex # Notes.: regex to match the password failures messages in the logfile. The # host must be matched by a group named "host". The tag "<HOST>" can # be used for standard IP/hostname matching and is only an alias for # (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) # Values: TEXT # prefregex = ^%(__prefix_line)s\[Login Action <HOST>\] <F-CONTENT>.+</F-CONTENT>$ failregex = ^Unknown user \S* tried to login.$ ^User \S* tried to login with wrong password.$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. # Values: TEXT # ignoreregex = Save