Fail2ban: Difference between revisions

From DWIKI
mNo edit summary
Line 1: Line 1:
=Links=
=Links=
*[http://www.fail2ban.org/wiki/index.php/Main_Page Homepage Wiki]
*[http://www.fail2ban.org/wiki/index.php/Main_Page Homepage Wiki]
*[https://www.sshguard.net/ sshguard, an alternative]


=Custom rules=
=Custom rules=

Revision as of 14:00, 29 April 2020

Links

Custom rules

assp.conf

failregex =  \[Worker_.*\] <HOST> \[SMTP Error\] 535 5.7.8 Error: authentication failed: 
                        \[Worker_.*\] \[SSL-in\] \[TLS-out\] <HOST> \[SMTP Error\] 535 
                       \[Worker_.*\] \[MessageLimit\] <HOST>
                       \[Worker_.*\] <HOST> .* \[SMTP Error\] 554 5.7.1


FAQ

Error in FilterPyinotify callback: 'module' object has no attribute '_strptime_time'

Enabling sshd-ddos filter seems to trigger this

WARNING Unable to find a corresponding IP address for client: (-2, 'Name or service not known')

Crap code, maybe look at usedns in fail.conf


test filter

fail2ban-regex /usr/share/assp/logs/maillog.txt /etc/fail2ban/filter.d/assp.conf
Retrieved from "https://wiki.dhits.nl/index.php?title=Fail2ban&oldid=6210"