Re: swatch log analyzer usage

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



2010/5/11 Stephen Gilbert <linuxelf@xxxxxxxxx>

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> fail2ban is designed to alter iptables, but that functionality can be
> disabled.  The following is a section out of my /etc/fail2ban/jail.conf,
> defining what to do for brute force ssh attacks:
>
> [ssh-iptables]
>
> enabled  = true
> filter   = sshd
> action   = iptables[name=SSH, port=ssh, protocol=tcp]
>           mail-whois[name=SSH, dest=sgilbert@xxxxxxxxxxxx]
> logpath  = /var/log/auth.log
> maxretry = 5
> bantime  = 604800
>
>
> In the section there under 'action', I have one entry updating the
> iptables to block the user, and another entry sending email containing
> whois information on the person trying the attack.  If I only included
> the mail-whois line after action, then it'd just mail, not ban.
>
>
>

this looks nice!! I´m going to try it,

Thanks,

ESG




>
> >On 5/11/2010 2:36 AM, ESGLinux wrote:
> > Hi Stephen,
> >
> > One question about fail2ban. Can you use fail2ban to only send an email
> > instead of banning the ip? (I don´t want to ban the ips I just want to be
> > reported about them )
> >
> > Thanks,
> >
> > ESG
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.12 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkvpQVgACgkQdBNH6NIpz0UbvwCgsTag8NnKuevhgP3oVxjiXJNC
> 0HIAnRMX8MvehYWgCpYCbRBmn4L6Nc3+
> =GSkG
> -----END PGP SIGNATURE-----
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list


[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux