jail.conf
# Jail "rdp": scans the xrdp log and bans matching source addresses on TCP port 3389.
# NOTE(review): if this is /etc/fail2ban/jail.conf, that file is normally replaced on
# package upgrade; site-specific jails are usually kept in jail.local or jail.d/*.conf.
[rdp]
enabled = true
# Name of the filter definition (filter.d/rdp.conf) that supplies failregex.
filter = rdp
# Ban action: an iptables rule limited to TCP port 3389 for the banned address.
action = iptables-multiport[name=rdp, port="3389", protocol=tcp]
# Log file scanned for matches; it must be the file xrdp actually writes.
logpath = /var/log/xrdp.log
# Number of matching log lines from one address before it is banned.
# findtime and bantime are not set in this section, so inherited defaults apply.
maxretry = 5
filter.d/rdp.conf
# Filter for the "rdp" jail: picks the client address out of xrdp log lines.
[Definition]
# <HOST> is fail2ban's placeholder for the source address that is counted and banned.
# NOTE(review): as written, this matches any line reporting a received connection,
# not only failed logins, so successful sessions count toward maxretry too. The jail
# therefore acts as a per-address connection limit; list trusted addresses in
# ignoreip so legitimate users are not locked out, and check the pattern against
# real log lines with fail2ban-regex before enabling it.
failregex = connection received from <HOST>
# Empty: no matching lines are excluded.
ignoreregex =
# Timestamp layout YYYYMMDD-HH:MM:SS. The doubled %% is how a literal % is written
# in fail2ban configuration files.
datepattern = %%Y%%m%%d-%%H:%%M:%%S
link: https://stackoverflow.com/questions/65491510/regexp-for-fail2ban-for-xrdp-log
jail.local
# Local definition of the "rdp" jail. No action is set in this section, so the
# ban action comes from inherited settings and uses the port given below.
[rdp]
enabled = true
# NOTE(review): "rdp" is a service name, not a port number. Confirm it resolves on
# this host (e.g. in /etc/services); if it does not, the firewall rule may fail to
# apply. The jail.conf variant on this page uses the numeric port 3389.
port = rdp
# Name of the filter definition (filter.d/rdp.conf) that supplies failregex.
filter = rdp
# Log file scanned for matches.
logpath = /var/log/xrdp.log
# Number of matching log lines from one address, within findtime, before a ban.
maxretry = 5
# Counting window for maxretry: one day.
findtime = 1d
# Ban duration: one day.
bantime = 1d