6 Apr
2013
6 Apr
'13
2:14 p.m.
W dniu 2013-04-06 13:18, Reindl Harald pisze:
Hi
Hi!
has someone a script which can filter out dictionary attacks from /var/log/maillog and notify about the source-IPs?
i know about fail2ban and so on, but i would like to have a mail with the IP address for two reasons and avoid fail2ban at all because it does not match in the way we maintain firewalls
- add the IP to a distributed "iptables-block.sh" and distribute it to any server with a comment and timestamp
- write a abuse-mail to the ISP
What about ...fail2ban?:) You can define to run any script when fail2ban detects bruteforce. You can pass <ip> as parameter to script. Fail2ban can also send email to proper abuse. Maybe I'm wrong but reading what you wrote about needings it looks fail2ban can do it. Marcin