Hello,
I am trying to create a pptpd anti-brute force on fail2ban. Can somebody help me?
Code:
Error
------------------------------------------------------------------------------------------
fail2ban.filter : ERROR Unable to compile regular expression 'Authentication failure for pptpd from .* host pptpd (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) CTRL: Client (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) control connection finished'
------------------------------------------------------------------------------------------
jail.conf
[pptpd]
enabled = true
port = 1723
filter = pptpd-auth
logpath = /var/log/syslog
maxretry = 3
------------------------------------------------------------------------------------------
filter
failregex = Peer .* failed CHAP authentication
failregex = CTRL: Client <HOST> control connection finished
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
-----------------------------------------------------------------------------------------
Log
Peer usera failed CHAP authentication
Nov 29 19:45:54 host pppd[10992]: Connection terminated.
Nov 29 19:45:54 host pppd[10992]: Exit.
Nov 29 19:45:54 host pptpd[10991]: GRE: read(fd=6,buffer=8058640,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Nov 29 19:45:54 host pptpd[10991]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Nov 29 19:45:54 host pptpd[10991]: CTRL: Reaping child PPP[10992]
Nov 29 19:45:54 host pptpd[10991]: CTRL: Client 189.10.177.138 control connection finished
-----------------------------------------------------------------------------------------