[DEFAULT]
# 24h + 5min
# Time to keep banned a bad ip
watch_while = 86700 
# Max tries before being banned
maxtries = 3
# pf table to keep bad IP.
# remember to clean the table with this command in a cron job :
#     /sbin/pfctl -t vilain_bruteforce -T expire 86400
vilain_table = vilain_bruteforce

### Ip ignored ###
[ignoreip]
ip1 = 92.150.160.157
ip2 = 92.150.160.156

### Guardians
#[name of the guardian]
#logfile = /file/to/watch
#regex = regex that return the bad guy IP

[ssh]
logfile = /var/log/authlog
regex = .* Failed .* from ([\S]+) .*

[ssh2]
logfile = /var/log/authlog
regex = .* Connection closed by ([\S]+) .*

#[http404]
#logfile = /var/www/logs/access.log
#regex = (?:\S+\s){1}(\S+).*\s404\s.*

[http401]
logfile = /var/www/logs/access.log
regex = (?:\S+\s){1}(\S+).*\s401\s.*

[http403]
logfile = /var/www/logs/access.log
regex = (?:\S+\s){1}(\S+).*\s403\s.*

[smtp]
logfile = /var/log/maillog
regex = .* event=failed-command address=([\S]+) .*

[dovecot]
logfile = /var/log/maillog
regex = .*auth failed.*rip=([\S]+),.*

[wordpress]
# don't use if you have wordpress
logfile = /var/www/logs/access.log
regex = (?:\S+\s){1}(\S+).*wp-login.php.*