HEX
Server: Apache
System: Linux dinesh8149 5.15.98-grsec-sharedvalley-2.lc.el8.x86_64 #1 SMP Thu Mar 9 09:07:30 -03 2023 x86_64
User: usesambura1 (1212012)
PHP: 7.0.33
Disabled: apache_child_terminate,dl,escapeshellarg,escapeshellcmd,exec,link,mail,openlog,passthru,pcntl_alarm,pcntl_exec,pcntl_fork,pcntl_get_last_error,pcntl_getpriority,pcntl_setpriority,pcntl_signal,pcntl_signal_dispatch,pcntl_sigprocmask,pcntl_sigtimedwait,pcntl_sigwaitinfo,pcntl_strerror,pcntl_wait,pcntl_waitpid,pcntl_wexitstatus,pcntl_wifexited,pcntl_wifsignaled,pcntl_wifstopped,pcntl_wstopsig,pcntl_wtermsig,php_check_syntax,php_strip_whitespace,popen,proc_close,proc_open,shell_exec,symlink,system
$ pwd: /etc/fail2ban/filter.d/
Upload Files
File: //etc/fail2ban/filter.d/znc-adminlog.conf
# Fail2Ban filter for ZNC (requires adminlog module)
#
# to use this module, enable the adminlog module from within ZNC and point
# logpath to its logfile (e.g. /var/lib/znc/moddata/adminlog/znc.log).

[DEFAULT]

logtype = file

[Definition]

_daemon = znc

# Prefix for different logtype (file, journal):
#
__prefix_file = (?:\[\]\s+)?
__prefix_short = (?:\S+\s+%(_daemon)s\[\d+\]:)\s+
__prefix_journal = %(__prefix_short)s

__prefix_line = <__prefix_<logtype>>

failregex = ^%(__prefix_line)s\[[^]]+\] failed to login from <ADDR>

ignoreregex = 

journalmatch = _SYSTEMD_UNIT=znc.service + _COMM=znc

# DEV Notes:
# Log format is: [<DATE+TIME>] [<USERNAME>] <ACTION> from <ADDR>
# [2018-10-27 01:40:17] [girst] connected to ZNC from 1.2.3.4
# [2018-10-27 01:40:21] [girst] disconnected from ZNC from 1.2.3.4
# [2018-10-27 01:40:55] [girst] failed to login from 1.2.3.4
#
# Author: Tobias Girstmair (//gir.st/)
@ Telegram