swatch log analyzer usage

ESGLinux esggrupos at gmail.com
Tue May 11 15:59:39 UTC 2010


2010/5/11 Stephen Gilbert <linuxelf at gmail.com>

> fail2ban is designed to alter iptables, but that functionality can be
> disabled.  The following is a section out of my /etc/fail2ban/jail.conf,
> defining what to do for brute force ssh attacks:
>
> [ssh-iptables]
>
> enabled  = true
> filter   = sshd
> action   = iptables[name=SSH, port=ssh, protocol=tcp]
>           mail-whois[name=SSH, dest=sgilbert at redcloud.org]
> logpath  = /var/log/auth.log
> maxretry = 5
> bantime  = 604800
>
>
> In the section there under 'action', I have one entry updating the
> iptables to block the user, and another entry sending email containing
> whois information on the person trying the attack.  If I only included
> the mail-whois line after action, then it'd just mail, not ban.
>
>
>

This looks nice!! I'm going to try it.

Thanks,

ESG




>
> >On 5/11/2010 2:36 AM, ESGLinux wrote:
> > Hi Stephen,
> >
> > One question about fail2ban. Can you use fail2ban to only send an email
> > instead of banning the IP? (I don't want to ban the IPs, I just want to be
> > reported about them.)
> >
> > Thanks,
> >
> > ESG



More information about the redhat-list mailing list
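Added example, not part of the original thread: a small audit that reads jail definitions like the one quoted above and reports whether each enabled jail bans, only notifies, or both. The `[ssh-notify]` jail, the `admin@example.org` address and the rule that action names starting with `mail` or `sendmail` are notification-only are assumptions made for this illustration.

```python
import configparser
import re

# Constructed sample: the jail from the message above, plus a hypothetical
# notify-only variant ([ssh-notify] and the address are not from the thread).
SAMPLE_JAIL_CONF = """\
[ssh-iptables]
enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           mail-whois[name=SSH, dest=admin@example.org]
logpath  = /var/log/auth.log
maxretry = 5
bantime  = 604800

[ssh-notify]
enabled  = true
filter   = sshd
action   = mail-whois[name=SSH, dest=admin@example.org]
logpath  = /var/log/auth.log
maxretry = 5
"""

# Assumption: action names starting with "mail" or "sendmail" only notify;
# every other action is treated as one that enforces a ban.
NOTIFY_PREFIXES = ("mail", "sendmail")

def action_names(value):
    """Return the action names from a (possibly multi-line) action value."""
    return re.findall(r"(?m)^\s*([\w.-]+)", value)

def classify_jails(conf_text):
    """Map each enabled jail to ban+notify, ban-only, notify-only or no-action."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    labels = {(True, True): "ban+notify", (True, False): "ban-only",
              (False, True): "notify-only", (False, False): "no-action"}
    result = {}
    for jail in cp.sections():
        if cp.get(jail, "enabled", fallback="false").strip().lower() != "true":
            continue  # disabled jails take no action at all
        names = action_names(cp.get(jail, "action", fallback=""))
        notify = any(n.startswith(NOTIFY_PREFIXES) for n in names)
        ban = any(not n.startswith(NOTIFY_PREFIXES) for n in names)
        result[jail] = labels[(ban, notify)]
    return result

if __name__ == "__main__":
    print(classify_jails(SAMPLE_JAIL_CONF))
```

A jail reported as `notify-only` sends mail while the source address stays unblocked, so the audit is a quick way to confirm that is intentional.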