Init

files/filter.d/gitea.local

@@ -0,0 +1,5 @@
+# Ansible-Managed
+
+[Definition]
+failregex =  .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>
+ignoreregex =

files/filter.d/nextcloud.local

@@ -0,0 +1,5 @@
+[Definition]
+_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
+failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
+            ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
+datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"

files/filter.d/postfix-sasl.local

@@ -0,0 +1,21 @@
+# Fail2Ban filter for postfix authentication failures
+#
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon = postfix(-\w+)?/(?:submission/|smtps/)?smtp[ds]
+
+failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/:]*={0,2})?\s*$
+
+ignoreregex = authentication failed: Connection lost to authentication server$
+
+[Init]
+
+journalmatch = _SYSTEMD_UNIT=postfix.service
+
+
+# Author: Yaroslav Halchenko

files/filter.d/seafile.local

@@ -0,0 +1,21 @@
+# Fail2Ban filter for seafile
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = seaf-server
+
+failregex = Login attempt limit reached.*, ip: <HOST>
+
+ignoreregex =
+
+# DEV Notes:
+#
+# pattern :     2015-10-20 15:20:32,402 [WARNING] seahub.auth.views:155 login Login attempt limit reached, username: <user>, ip: 1.2.3.4, attemps: 3
+#        2015-10-20 17:04:32,235 [WARNING] seahub.auth.views:163 login Login attempt limit reached, ip: 1.2.3.4, attempts: 3