Differences

This shows you the differences between two versions of the page.

--- fail2ban [2009/10/11 07:12]
k2patel
+++ fail2ban [2020/08/10 02:35] (current)
@@ Line 77: / Line 77: @@
 enabled  = true
 filter   = sshd
-action   = iptables[name=SSH, port=ssh, protocol=tcp]
+action   = iptables-new[name=SSH, port=ssh, protocol=tcp]
            sendmail-whois[name=SSH, dest=receiver@lithiumfox.com, sender=notify@lithiumfox.com]
 logpath  = /var/log/secure
 maxretry = 5
+[kernel-iptables]
+enabled  = true
+filter   = kernel
+action   = iptables-allports[name=kernel, protocol=all]
+           sendmail-whois[name=KERNEL, dest=k2patel@sify.com, sender=notify@test.com]
+logpath  = /var/log/messages
+maxretry = 2
@@ Line 222: / Line 233: @@
 ignoreip = 168.192.0.1
 </code>
+NOTE : In above configuration i am using custom config file for "Treason uncloaked!"\\
+which require you to create new file as below.
+<code bash | /etc/fail2ban/filter.d/kernel.conf>
+# Fail2Ban configuration file
+#
+# Author: K2patel
+#
+# $Revision: 1 $
+#
+[Definition]
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>\S+)
+# Values:  TEXT
+#
+failregex = Treason uncloaked! Peer <HOST>:.*$
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =
+</code>
 Restart service now
@@ Line 280: / Line 321: @@
     missingok
     compress
+    size 4M
     postrotate
-      /usr/bin/fail2ban-client reload 1>/dev/null || true
+      /etc/init.d/fail2ban reload
     endscript
 }
+</code>
+If you do not have init script you can use following code to reload fail2ban as postrotate command.
+<code bash>
+/usr/bin/fail2ban-client reload 1>/dev/null || true
 </code>

Daily *Nix

User Tools

Site Tools

Differences

Page Tools