On 9/3/2013 5:12 AM, Charles Marcus wrote:
Ummm... maybe you didn't read what I wrote? That is what I meant by 'whitelist' in item 1... ;)
Yes, I think we're on the same page.
On 2013-09-02 9:59 PM, other@ahhyes.net wrote:
Is there any way to limit the number of auth attempts allowed in a single session? The reason for this is because I have "fail2ban" set up to firewall out any IP addresses that repeatedly auth fails.
Is there a way to tell fail2ban to block connection attempts NOT based on IP, but based on other values or value combinations (like user+IP)?
I'm not sure if fail2ban can trigger on a value combination, but it should be able to pull a username out of a log line and run some command on the username.
Basically whatever you can do with a regexp and a single log line. Pull any value out of the log line and run a command or script with the value (usually an IP, but can be anything in that line).
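
The approach described in the last reply (a regexp over a single log line, pulling out a value to act on), as an added example that is not part of the original thread and is not fail2ban's own code: it counts failures per user+IP pair instead of per IP. The log format, `find_offenders`, and its parameters are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a made-up format (not from the thread or a real server).
SAMPLE_LOG = """\
2013-09-03 05:00:01 auth failed user=<alice> rip=203.0.113.7
2013-09-03 05:00:05 auth failed user=<alice> rip=203.0.113.7
2013-09-03 05:00:09 auth failed user=<bob> rip=203.0.113.7
2013-09-03 05:00:12 auth ok user=<alice> rip=198.51.100.4
2013-09-03 05:00:20 auth failed user=<alice> rip=203.0.113.7
2013-09-03 05:20:00 auth failed user=<bob> rip=203.0.113.7
2013-09-03 05:20:30 auth failed user=<bob> rip=203.0.113.7
"""

# One regexp, one log line. The username is whatever the client sent, so the
# capture is restricted (no whitespace, bounded length) before anything acts on it.
FAIL_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) auth failed "
    r"user=<(?P<user>[^>\s]{1,128})> rip=(?P<ip>[0-9A-Fa-f:.]{2,45})$"
)

def find_offenders(log_text, max_retry=3, find_time=timedelta(minutes=10)):
    """Return (user, ip) pairs with >= max_retry failures inside find_time."""
    recent = defaultdict(deque)   # (user, ip) -> timestamps of recent failures
    offenders = []                # kept in the order each pair crossed the limit
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue              # successes and unparseable lines are ignored
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        key = (m["user"], m["ip"])
        window = recent[key]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()      # drop failures older than the window
        if len(window) >= max_retry and key not in offenders:
            offenders.append(key)
    return offenders

if __name__ == "__main__":
    for user, ip in find_offenders(SAMPLE_LOG):
        print(f"would act on user={user} ip={ip}")
```

Keying on the pair means bob's failures from the same address do not add to alice's count, and a failure that has aged out of the window no longer counts toward the limit.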