# Fail2Ban configuration file # # Regexp to detect try to check a couple login/password so we can add mitigation # on IP making too much tries. [Definition] # To test, you can inject this example into log # echo `date +'%Y-%m-%d %H:%M:%S'`" INFO 1.2.3.4 functions_dolibarr::check_user_password_abcd Authentication KO" >> /mypath/documents/dolibarr.log # # then # fail2ban-client status web-dolibarr-rulesbruteforce # # To test rule file on a existing log file # fail2ban-regex /mypath/documents/dolibarr.log /etc/fail2ban/filter.d/web-dolibarr-rulesbruteforce.conf --print-all-matched failregex = ^ [A-Z\s]+ \s+functions_.*::check_user_.* Authentication KO ignoreregex =