swatch log analyzer usage
Stephen Gilbert
linuxelf at gmail.com
Tue May 11 11:36:56 UTC 2010
fail2ban is designed to alter iptables, but that functionality can be
disabled. The following is a section out of my /etc/fail2ban/jail.conf,
defining what to do for brute force ssh attacks:

[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         mail-whois[name=SSH, dest=sgilbert at redcloud.org]
logpath = /var/log/auth.log
maxretry = 5
bantime = 604800

In the section there under 'action', I have one entry updating the
iptables to block the user, and another entry sending email containing
whois information on the person trying the attack. If I only included
the mail-whois line after action, then it'd just mail, not ban.
>On 5/11/2010 2:36 AM, ESGLinux wrote:
> Hi Stephen,
>
> One question about fail2ban. Can you use fail2ban to only send an email
> instead of banning the ip? (I don't want to ban the ips I just want to be
> reported about them )
>
> Thanks,
>
> ESG
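
Added example (not part of the original message and not fail2ban's own code): a small Python audit that reads jail definitions and reports which jails ban and which only send mail, based on the 'action' lines described above. The sample config is constructed, the [ssh-notify-only] jail and admin@example.org are hypothetical, and treating action names that begin with "mail" or "sendmail" as notify-only is an assumption.

```python
import configparser
import re

# Constructed sample: the jail from the message (placeholder address) plus a
# hypothetical notify-only variant that keeps only the mail-whois action.
SAMPLE_JAIL_CONF = """\
[ssh-iptables]
enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           mail-whois[name=SSH, dest=admin@example.org]
logpath  = /var/log/auth.log
maxretry = 5
bantime  = 604800

[ssh-notify-only]
enabled  = true
filter   = sshd
action   = mail-whois[name=SSH, dest=admin@example.org]
logpath  = /var/log/auth.log
maxretry = 5
"""

# Assumption: actions whose names start with these prefixes only send mail.
NOTIFY_PREFIXES = ("mail", "sendmail")


def split_actions(value):
    """Return the action names in a multi-line 'action' value, one per line.

    Continuation lines must be indented; an unindented second line is read by
    configparser as a separate option, not as a second action.
    """
    names = []
    for line in value.splitlines():
        match = re.match(r"[A-Za-z0-9_.-]+", line.strip())
        if match:
            names.append(match.group(0))
    return names


def classify_jails(text):
    """Map each jail name to its action list and whether any action bans."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    report = {}
    for jail in parser.sections():
        if parser.has_option(jail, "action"):
            actions = split_actions(parser.get(jail, "action"))
            bans = any(not a.startswith(NOTIFY_PREFIXES) for a in actions)
            report[jail] = {"actions": actions, "bans": bans}
    return report
```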