2010/5/11 Stephen Gilbert <linuxelf@xxxxxxxxx> > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > fail2ban is designed to alter iptables, but that functionality can be > disabled. The following is a section out of my /etc/fail2ban/jail.conf, > defining what to do for brute force ssh attacks: > > [ssh-iptables] > > enabled = true > filter = sshd > action = iptables[name=SSH, port=ssh, protocol=tcp] > mail-whois[name=SSH, dest=sgilbert@xxxxxxxxxxxx] > logpath = /var/log/auth.log > maxretry = 5 > bantime = 604800 > > > In the section there under 'action', I have one entry updating the > iptables to block the user, and another entry sending email containing > whois information on the person trying the attack. If I only included > the mail-whois line after action, then it'd just mail, not ban. > > > this looks nice!! I´m going to try it, Thanks, ESG > > >On 5/11/2010 2:36 AM, ESGLinux wrote: > > Hi Stephen, > > > > One question about fail2ban. Can you use fail2ban to only send an email > > instead of banning the ip? (I don´t want to ban the ips I just want to be > > reported about them ) > > > > Thanks, > > > > ESG > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.12 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkvpQVgACgkQdBNH6NIpz0UbvwCgsTag8NnKuevhgP3oVxjiXJNC > 0HIAnRMX8MvehYWgCpYCbRBmn4L6Nc3+ > =GSkG > -----END PGP SIGNATURE----- > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
