Hi Stephen,

One question about fail2ban. Can you use fail2ban to only send an email instead of banning the IP? (I don't want to ban the IPs, I just want to be notified about them.)

Thanks,

ESG

2010/5/10 Stephen Gilbert <linuxelf@xxxxxxxxx>

> I've been using fail2ban, and have been very happy with it. It sounds
> like it'll do exactly what you're looking for.
>
> On 5/10/2010 12:54 PM, ESGLinux wrote:
> > Hi All
> >
> > I'm implementing the use of swatch to protect my server from brute force
> > attack.
> >
> > I have configured the config file this way:
> >
> > watchfor /Aborted login/
> > mail=xxxx@xxxxxxxx,Subject=Possible under attack!!!
> > throttle threshold=5,delay=0:1:0,key=log
> >
> > This way I receive an email when the string Aborted login appears in my log.
> > I have set up a threshold of 5 tries in 1 minute. But it does not work fine.
> >
> > I always get 2 mails: one the first time the string appears, and one when
> > the threshold is reached.
> >
> > May 10 18:45:06 servere dovecot: imap-login: Aborted login: user=<x<emiliano.sutil@xxxxxxxxxxx>xxxx>, method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured (threshold 5 exceeded)
> >
> > I only want to receive the second one, because it is the mail that can be
> > considered an attack (the first one can be a simple failure).
> >
> > So, does anyone know how to configure swatch this way?
> >
> > By the way, is there any other tool to do what I want? I don't mind
> > changing (perhaps RHEL has a package that does the same...).
> >
> > Thanks in advance,
> >
> > ESG
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
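The alerting behaviour asked for in the thread (nothing on an isolated failure, one notification once 5 "Aborted login" lines arrive within 1 minute) can be sketched as a sliding-window check. This is an added example, not part of the original messages and not swatch or fail2ban code; the function name `find_bursts`, keying on the `rip=` field, the year default and the sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the dovecot "Aborted login" line format quoted in the thread.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ dovecot: "
    r"\S+-login: Aborted login.*?\brip=(?P<rip>[^,\s]+)"
)

def find_bursts(lines, threshold=5, window=timedelta(minutes=1), year=2010):
    """Return (timestamp, rip, count) once per burst of failed logins.

    A source is reported only when it reaches `threshold` failures inside
    `window`; a single failure never produces an alert. Syslog timestamps
    carry no year, so one is assumed.
    """
    recent = defaultdict(deque)   # rip -> timestamps still inside the window
    alerted = set()               # sources already reported for this burst
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # successful logins and other noise
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        rip, q = m["rip"], recent[m["rip"]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # forget failures older than the window
        if len(q) < threshold:
            alerted.discard(rip)  # burst is over: re-arm for the next one
        elif rip not in alerted:
            alerted.add(rip)
            alerts.append((ts, rip, len(q)))
    return alerts

# Constructed sample: one stray failure, then six failures in 45 seconds.
_FMT = ("May 10 {t} servere dovecot: imap-login: Aborted login: "
        "user=<x>, method=PLAIN, rip={ip}, lip=192.0.2.1, secured")
SAMPLE_LOG = [_FMT.format(t="18:40:01", ip="192.0.2.10")] + [
    _FMT.format(t=f"18:45:{s:02d}", ip="203.0.113.7")
    for s in (6, 15, 24, 33, 42, 51)
]

if __name__ == "__main__":
    for ts, rip, count in find_bursts(SAMPLE_LOG):
        print(f"{ts} possible brute force from {rip}: {count} failures in 1 minute")
```

Each returned tuple is the point at which a single notification mail would be sent; the sixth failure in the sample produces no second alert because the source is already marked as reported.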