This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
fail2ban [2010/09/13 15:57] k2patel |
fail2ban [2012/06/07 10:59] k2patel [Rotate log] |
||
---|---|---|---|
Line 233: | Line 233: | ||
ignoreip = 168.192.0.1 | ignoreip = 168.192.0.1 | ||
</code> | </code> | ||
+ | |||
+ | NOTE : In above configuration i am using custom config file for "Treason uncloaked!"\\ | ||
+ | which require you to create new file as below. | ||
+ | |||
+ | <code bash | /etc/fail2ban/filter.d/kernel.conf> | ||
+ | # Fail2Ban configuration file | ||
+ | # | ||
+ | # Author: K2patel | ||
+ | # | ||
+ | # $Revision: 1 $ | ||
+ | # | ||
+ | |||
+ | [Definition] | ||
+ | |||
+ | # Option: failregex | ||
+ | # Notes.: regex to match the password failures messages in the logfile. The | ||
+ | # host must be matched by a group named "host". The tag "<HOST>" can | ||
+ | # be used for standard IP/hostname matching and is only an alias for | ||
+ | # (?:::f{4,6}:)?(?P<host>\S+) | ||
+ | # Values: TEXT | ||
+ | # | ||
+ | failregex = Treason uncloaked! Peer <HOST>:.*$ | ||
+ | |||
+ | # Option: ignoreregex | ||
+ | # Notes.: regex to ignore. If this regex matches, the line is ignored. | ||
+ | # Values: TEXT | ||
+ | # | ||
+ | ignoreregex = | ||
+ | </code> | ||
+ | |||
Restart service now | Restart service now | ||
Line 291: | Line 321: | ||
missingok | missingok | ||
compress | compress | ||
- | size=+4096k | + | size 4M |
postrotate | postrotate | ||
/etc/init.d/fail2ban reload | /etc/init.d/fail2ban reload |