- # fail2ban ssh bad username ban
- [Definition]
- ## Generated with:
- ## echo $(awk '/.*sshd.*: Invalid user [a-zA-Z0-9]* from/ {print $8}' /var/log/auth.log /var/log/auth.log.1 | sort | uniq -d) | sed 's/ /|/g'
- badusers = 1|10px|a|a1|abcs|accounts|admin|amsftp|amssys|ansible|apache|apache2|app|appldev|applmgr|appuser|audit|bot|bsnl|butter|cacti|centos|cms|csgo|db2fenc1|db2inst1|db2inst2|db2prod|dbuser|deploy|deployer|dev|devuser|django|docker|drupal|dylan|elastic|elasticsearch|eric|ethos|flink|ftp|ftpadmin|ftpuser|git|glassfish|gpadmin|guest|hadoop|hduser|jason|java|jboss|jenkins|joomla|mc|minecraft|nagios|nginx|node|odoo|openstack|oracle|qhsupport|redmine|samba|samp|server|t7inst|temp|test|test2|test3|test4|testftp|testuser|tomcat|ts3|ubuntu|uftp|upload|user|user1|user2|user3|vagrant|vnc|wang|weblogic|webmaster|wordpress|wp-user|www|zabbix|zimbra|dbadmin|vbox|support|student
- failregex = ^.*sshd.*: Invalid user (?:%(badusers)s) from <HOST> port.*
- #ignoreregex =
|
