Re: extending fail2ban

On Thu, 22 May 2008 09:42:11 -0700
"Don Russell" <fedora@xxxxxxxxxxxxxxxxxxxxx> wrote:

> I installed fail2ban and it seems to do a nice job of reporting
> people knocking at my door and shutting them down temporarily.
> 
> Is there any doc on how I could add other "intruder detection".... :-)
> man fail2ban and info fail2ban come up dry. :-(
> The fedora project page doesn't have anything on it either:
>  https://admin.fedoraproject.org/pkgdb/packages/name/fail2ban
> 
> i.e. I have an application I run via xinetd.
> 
> If the client tries to connect with the incorrect protocol, I just
> respond with a terse "wrong protocol" message and exit.
> 
> My xinet logs show the same IP address connecting with the wrong
> protocol over and over... They're obviously "up to no good" :-).
> 
> How can I "teach" fail2ban to block those people too?
> 
> It's not a password violation.. there's no password on it... it's
> meant for public consumption, but only if you are using the correct
> protocol.
> 
> I could do my own "blocking", but I'd like to use the tools that are
> already there.
> 
> Thanks,
> 
You'd have to set up a new jail along with a new filter and an action.
You could probably reuse the action from any of the other fail2ban
rules. The hard part would be finding the right regular expression that
matches these entries when fail2ban scans your logs.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
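
A way to prototype the filter regex that the reply calls the hard part, as an added example that is not part of the original thread or of fail2ban's own code. The log format, the service name `myservice`, the simplified IPv4-only `HOST_GROUP`, and the helper `hosts_to_ban` are assumptions; only the `<HOST>` placeholder and the `maxretry`/`findtime` jail settings are fail2ban's.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log lines; the real format of the poster's service is not shown in the thread.
SAMPLE_LOG = """\
2008-05-22 09:40:01 myservice[2311]: wrong protocol from 203.0.113.7
2008-05-22 09:40:03 myservice[2312]: session ok from 198.51.100.20
2008-05-22 09:40:09 myservice[2313]: wrong protocol from 203.0.113.7
2008-05-22 09:40:15 myservice[2314]: wrong protocol from 203.0.113.7
2008-05-22 09:55:00 myservice[2320]: wrong protocol from 192.0.2.44
"""

# A fail2ban filter marks the offending address with <HOST>. The trailing $
# anchor keeps any later text on the line from supplying the address.
FAILREGEX = r"myservice\[\d+\]: wrong protocol from <HOST>$"
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"  # assumption: simplified IPv4 stand-in

def compile_failregex(failregex):
    """Expand the <HOST> placeholder into a named capture group."""
    return re.compile(failregex.replace("<HOST>", HOST_GROUP))

def hosts_to_ban(log_text, failregex, maxretry=3, findtime=600):
    """Return hosts with at least maxretry matches inside findtime seconds."""
    pattern = compile_failregex(failregex)
    window = timedelta(seconds=findtime)
    hits = defaultdict(deque)   # host -> timestamps of recent matches
    banned = []
    for line in log_text.splitlines():
        m = pattern.search(line)
        if not m:
            continue
        ts = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
        recent = hits[m.group("host")]
        recent.append(ts)
        while ts - recent[0] > window:   # drop matches older than findtime
            recent.popleft()
        if len(recent) >= maxretry and m.group("host") not in banned:
            banned.append(m.group("host"))
    return banned

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG, FAILREGEX))
```

Once the pattern matches only the intended lines, it goes into the new filter's `failregex`, and the jail's `maxretry` and `findtime` take the place of the counting done here.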
