-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've been using fail2ban, and have been very happy with it. It sounds like it'll do exactly what you're looking for. On 5/10/2010 12:54 PM, ESGLinux wrote: > Hi All > > I´m implemMenting the use of swatch to protect my server from brute force > attack. > > I have configured the config file this way: > > watchfor /Aborted login/ > mail=xxxx@xxxxxxxx,Subject=Possible under attack!!! > throttle threshold=5,delay=0:1:0,key=log > > > this way I receive an email when the string Aborted login appears in my log. > I have setup a threshold of 5 tries on 1 minute. But it does not work fine. > > I always get 2 mails: one the first time the string appears, and one when > the threshold is reached. > > May 10 18:45:06 servere dovecot: imap-login: Aborted login: > user=<x<emiliano.sutil@xxxxxxxxxxx>xxxx>, > method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured (threshold > 5 exceeded) > > I only want to receive the second one, because is the mail that can be > considered an attack, (the first one can be a simple failure) > > So, anyone knows how to configure swatch this way. > > By the way, is there any other tool to do what I want ? I don´t mind to > change, (perhaps, RHEL has a package that does the same....) > > > Thanks in advance, > > ESG -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkvoTAYACgkQdBNH6NIpz0WNFQCg10zVl13BJf0Oo/V4TWFd/frJ MmMAoOYodx7pSkxwhT/qCOh9h209WS3z =YxYP -----END PGP SIGNATURE----- -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
