Code:
2007-11-05 10:38:47,482 fail2ban.jail : INFO Using poller
2007-11-05 10:38:47,571 fail2ban.filter : INFO Created Filter
2007-11-05 10:38:47,571 fail2ban.filter : INFO Created FilterPoll
2007-11-05 10:38:47,576 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2007-11-05 10:38:47,578 fail2ban.filter : INFO Set maxRetry = 6
2007-11-05 10:38:47,581 fail2ban.filter : INFO Set findtime = 600
2007-11-05 10:38:47,582 fail2ban.actions: INFO Set banTime = 600
2007-11-05 10:38:47,619 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2007-11-05 10:38:47,623 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2007-11-05 10:38:47,625 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
2007-11-05 10:38:47,626 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2007-11-05 10:38:47,628 fail2ban.actions.action: INFO Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-<name>
2007-11-05 10:56:42,801 fail2ban.server : INFO Exiting Fail2ban
2007-11-05 10:56:44,529 fail2ban.jail : INFO Using poller
2007-11-05 10:56:44,551 fail2ban.filter : INFO Created Filter
2007-11-05 10:56:44,551 fail2ban.filter : INFO Created FilterPoll
2007-11-05 10:56:44,554 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2007-11-05 10:56:44,557 fail2ban.filter : INFO Set maxRetry = 6
2007-11-05 10:56:44,563 fail2ban.filter : INFO Set findtime = 600
2007-11-05 10:56:44,565 fail2ban.actions: INFO Set banTime = 172800
2007-11-05 10:56:44,600 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2007-11-05 10:56:44,601 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2007-11-05 10:56:44,605 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
2007-11-05 10:56:44,607 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2007-11-05 10:56:44,609 fail2ban.actions.action: INFO Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-<name>
2007-11-05 11:23:17,999 fail2ban.server : INFO Exiting Fail2ban
2007-11-05 11:23:19,782 fail2ban.jail : INFO Using poller
2007-11-05 11:23:19,804 fail2ban.filter : INFO Created Filter
2007-11-05 11:23:19,804 fail2ban.filter : INFO Created FilterPoll
2007-11-05 11:23:19,806 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2007-11-05 11:23:19,808 fail2ban.filter : INFO Set maxRetry = 3
2007-11-05 11:23:19,809 fail2ban.comm : WARNING Invalid command: ['set', 'proftpd', 'failregex', 'proftpd: \\(pam_unix\\) authentication failure; .* rhost=<HOST>']
2007-11-05 11:35:00,030 fail2ban.server : INFO Exiting Fail2ban
2007-11-05 12:58:56,827 fail2ban.jail : INFO Using poller
2007-11-05 12:58:56,851 fail2ban.filter : INFO Created Filter
2007-11-05 12:58:56,851 fail2ban.filter : INFO Created FilterPoll
2007-11-05 12:58:56,854 fail2ban.filter : INFO Set maxRetry = 5
2007-11-05 12:58:56,857 fail2ban.filter : INFO Set findtime = 600
2007-11-05 12:58:56,859 fail2ban.actions: INFO Set banTime = 172800
2007-11-05 12:58:56,898 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2007-11-05 12:58:56,900 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2007-11-05 12:58:56,902 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
2007-11-05 12:58:56,904 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2007-11-05 12:58:56,905 fail2ban.actions.action: INFO Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-<name>
2007-11-05 12:58:56,916 fail2ban.actions.action: INFO Set actionBan = echo -en "Subject: [Fail2Ban] <name>: banned <ip>
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here are more information about <ip>:\n
`/usr/bin/whois <ip>`\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 12:58:56,919 fail2ban.actions.action: INFO Set actionStop = echo -en "Subject: [Fail2Ban] <name>: stopped
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 12:58:56,921 fail2ban.actions.action: INFO Set actionStart = echo -en "Subject: [Fail2Ban] <name>: started
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 12:58:56,923 fail2ban.actions.action: INFO Set actionUnban =
2007-11-05 12:58:56,926 fail2ban.actions.action: INFO Set actionCheck =
2007-11-05 12:58:56,932 fail2ban.jail : INFO Using poller
2007-11-05 12:58:56,935 fail2ban.filter : INFO Created Filter
2007-11-05 12:58:56,935 fail2ban.filter : INFO Created FilterPoll
2007-11-05 12:58:56,938 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2007-11-05 12:58:56,940 fail2ban.filter : INFO Set maxRetry = 3
2007-11-05 12:58:56,942 fail2ban.filter : INFO Set findtime = 600
2007-11-05 12:58:56,945 fail2ban.actions: INFO Set banTime = 172800
2007-11-05 12:58:56,964 fail2ban.actions.action: INFO Set actionBan = ipaction add deny tcp from <ip> to <localhost> <port>
2007-11-05 12:58:56,966 fail2ban.actions.action: INFO Set actionStop =
2007-11-05 12:58:56,967 fail2ban.actions.action: INFO Set actionStart =
2007-11-05 12:58:56,969 fail2ban.actions.action: INFO Set actionUnban = ipaction delete `ipfw list | grep -i <ip> | awk '{print $1;}'`
2007-11-05 12:58:56,970 fail2ban.actions.action: INFO Set actionCheck =
2007-11-05 12:58:56,981 fail2ban.actions.action: INFO Set actionBan = echo -en "Subject: [Fail2Ban] <name>: banned <ip>
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here are more information about <ip>:\n
`/usr/bin/whois <ip>`\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 12:58:56,986 fail2ban.actions.action: INFO Set actionStop = echo -en "Subject: [Fail2Ban] <name>: stopped
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 12:58:56,988 fail2ban.actions.action: INFO Set actionStart = echo -en "Subject: [Fail2Ban] <name>: started
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 12:58:56,991 fail2ban.actions.action: INFO Set actionUnban =
2007-11-05 12:58:56,992 fail2ban.actions.action: INFO Set actionCheck =
2007-11-05 12:58:57,002 fail2ban.jail : INFO Using poller
2007-11-05 12:58:57,003 fail2ban.filter : INFO Created Filter
2007-11-05 12:58:57,003 fail2ban.filter : INFO Created FilterPoll
2007-11-05 12:58:57,004 fail2ban.filter : INFO Set maxRetry = 6
2007-11-05 12:58:57,009 fail2ban.filter : INFO Set findtime = 600
2007-11-05 12:58:57,011 fail2ban.actions: INFO Set banTime = 172800
2007-11-05 12:58:57,022 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2007-11-05 12:58:57,026 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2007-11-05 12:58:57,026 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
2007-11-05 12:58:57,027 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2007-11-05 12:58:57,029 fail2ban.actions.action: INFO Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-<name>
2007-11-05 12:58:57,038 fail2ban.actions.action: INFO Set actionBan = echo -en "Subject: [Fail2Ban] <name>: banned <ip>
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here are more information about <ip>:\n
`/usr/bin/whois <ip>`\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 12:58:57,042 fail2ban.actions.action: INFO Set actionStop = echo -en "Subject: [Fail2Ban] <name>: stopped
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 12:58:57,044 fail2ban.actions.action: INFO Set actionStart = echo -en "Subject: [Fail2Ban] <name>: started
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 12:58:57,045 fail2ban.actions.action: INFO Set actionUnban =
2007-11-05 12:58:57,047 fail2ban.actions.action: INFO Set actionCheck =
2007-11-05 12:58:57,052 fail2ban.jail : INFO Using poller
2007-11-05 12:58:57,052 fail2ban.filter : INFO Created Filter
2007-11-05 12:58:57,055 fail2ban.filter : INFO Created FilterPoll
2007-11-05 12:58:57,057 fail2ban.filter : INFO Set maxRetry = 1
2007-11-05 12:58:57,059 fail2ban.filter : INFO Set findtime = 600
2007-11-05 12:58:57,061 fail2ban.actions: INFO Set banTime = 172800
2007-11-05 12:58:57,123 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2007-11-05 12:58:57,127 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2007-11-05 12:58:57,129 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
2007-11-05 12:58:57,131 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2007-11-05 12:58:57,132 fail2ban.actions.action: INFO Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-<name>
2007-11-05 12:58:57,140 fail2ban.actions.action: INFO Set actionBan = echo `date`": <ip> (<failures> failures)" >> <tmpfile>
LINE=$( wc -l <tmpfile> | awk '{ print $1 }' )
if [ $LINE -eq <lines> ]; then
echo -en "Subject: [Fail2Ban] <name>: summary
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
These hosts have been banned by Fail2Ban.\n
`cat <tmpfile>`
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
rm <tmpfile>
fi
2007-11-05 12:58:57,143 fail2ban.actions.action: INFO Set actionStop = if [ -f <tmpfile> ]; then
echo -en "Subject: [Fail2Ban] <name>: summary
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
These hosts have been banned by Fail2Ban.\n
`cat <tmpfile>`
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
rm <tmpfile>
fi
echo -en "Subject: [Fail2Ban] <name>: stopped
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 12:58:57,145 fail2ban.actions.action: INFO Set actionStart = echo -en "Subject: [Fail2Ban] <name>: started
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been started successfully.\n
Output will be buffered until <lines> lines are available.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 12:58:57,147 fail2ban.actions.action: INFO Set actionUnban =
2007-11-05 12:58:57,148 fail2ban.actions.action: INFO Set actionCheck =
2007-11-05 12:59:18,278 fail2ban.server : INFO Exiting Fail2ban
2007-11-05 13:01:51,451 fail2ban.jail : INFO Using poller
2007-11-05 13:01:51,475 fail2ban.filter : INFO Created Filter
2007-11-05 13:01:51,475 fail2ban.filter : INFO Created FilterPoll
2007-11-05 13:01:51,481 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2007-11-05 13:01:51,483 fail2ban.filter : INFO Set maxRetry = 5
2007-11-05 13:01:51,485 fail2ban.filter : INFO Set findtime = 600
2007-11-05 13:01:51,487 fail2ban.actions: INFO Set banTime = 172800
2007-11-05 13:01:51,528 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2007-11-05 13:01:51,531 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2007-11-05 13:01:51,533 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
2007-11-05 13:01:51,534 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2007-11-05 13:01:51,535 fail2ban.actions.action: INFO Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-<name>
2007-11-05 13:01:51,550 fail2ban.actions.action: INFO Set actionBan = echo -en "Subject: [Fail2Ban] <name>: banned <ip>
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here are more information about <ip>:\n
`/usr/bin/whois <ip>`\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:01:51,552 fail2ban.actions.action: INFO Set actionStop = echo -en "Subject: [Fail2Ban] <name>: stopped
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:01:51,555 fail2ban.actions.action: INFO Set actionStart = echo -en "Subject: [Fail2Ban] <name>: started
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:01:51,556 fail2ban.actions.action: INFO Set actionUnban =
2007-11-05 13:01:51,557 fail2ban.actions.action: INFO Set actionCheck =
2007-11-05 13:01:51,567 fail2ban.jail : INFO Using poller
2007-11-05 13:01:51,567 fail2ban.filter : INFO Created Filter
2007-11-05 13:01:51,567 fail2ban.filter : INFO Created FilterPoll
2007-11-05 13:01:51,568 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2007-11-05 13:01:51,573 fail2ban.filter : INFO Set maxRetry = 3
2007-11-05 13:01:51,577 fail2ban.filter : INFO Set findtime = 600
2007-11-05 13:01:51,578 fail2ban.actions: INFO Set banTime = 172800
2007-11-05 13:01:51,595 fail2ban.actions.action: INFO Set actionBan = ipaction add deny tcp from <ip> to <localhost> <port>
2007-11-05 13:01:51,600 fail2ban.actions.action: INFO Set actionStop =
2007-11-05 13:01:51,602 fail2ban.actions.action: INFO Set actionStart =
2007-11-05 13:01:51,603 fail2ban.actions.action: INFO Set actionUnban = ipaction delete `ipfw list | grep -i <ip> | awk '{print $1;}'`
2007-11-05 13:01:51,606 fail2ban.actions.action: INFO Set actionCheck =
2007-11-05 13:01:51,616 fail2ban.actions.action: INFO Set actionBan = echo -en "Subject: [Fail2Ban] <name>: banned <ip>
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here are more information about <ip>:\n
`/usr/bin/whois <ip>`\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:01:51,618 fail2ban.actions.action: INFO Set actionStop = echo -en "Subject: [Fail2Ban] <name>: stopped
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:01:51,623 fail2ban.actions.action: INFO Set actionStart = echo -en "Subject: [Fail2Ban] <name>: started
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:01:51,626 fail2ban.actions.action: INFO Set actionUnban =
2007-11-05 13:01:51,628 fail2ban.actions.action: INFO Set actionCheck =
2007-11-05 13:01:51,637 fail2ban.jail : INFO Using poller
2007-11-05 13:01:51,638 fail2ban.filter : INFO Created Filter
2007-11-05 13:01:51,639 fail2ban.filter : INFO Created FilterPoll
2007-11-05 13:01:51,640 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2007-11-05 13:01:51,645 fail2ban.filter : INFO Set maxRetry = 6
2007-11-05 13:01:51,648 fail2ban.filter : INFO Set findtime = 600
2007-11-05 13:01:51,649 fail2ban.actions: INFO Set banTime = 172800
2007-11-05 13:01:51,663 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2007-11-05 13:01:51,664 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2007-11-05 13:01:51,666 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
2007-11-05 13:01:51,670 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2007-11-05 13:01:51,672 fail2ban.actions.action: INFO Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-<name>
2007-11-05 13:01:51,682 fail2ban.actions.action: INFO Set actionBan = echo -en "Subject: [Fail2Ban] <name>: banned <ip>
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here are more information about <ip>:\n
`/usr/bin/whois <ip>`\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:01:51,684 fail2ban.actions.action: INFO Set actionStop = echo -en "Subject: [Fail2Ban] <name>: stopped
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:01:51,685 fail2ban.actions.action: INFO Set actionStart = echo -en "Subject: [Fail2Ban] <name>: started
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:01:51,687 fail2ban.actions.action: INFO Set actionUnban =
2007-11-05 13:01:51,689 fail2ban.actions.action: INFO Set actionCheck =
2007-11-05 13:20:40,870 fail2ban.server : INFO Exiting Fail2ban
2007-11-05 13:20:49,049 fail2ban.jail : INFO Using poller
2007-11-05 13:20:49,080 fail2ban.filter : INFO Created Filter
2007-11-05 13:20:49,080 fail2ban.filter : INFO Created FilterPoll
2007-11-05 13:20:49,086 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2007-11-05 13:20:49,090 fail2ban.filter : INFO Set maxRetry = 5
2007-11-05 13:20:49,095 fail2ban.filter : INFO Set findtime = 600
2007-11-05 13:20:49,101 fail2ban.actions: INFO Set banTime = 172800
2007-11-05 13:20:49,153 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2007-11-05 13:20:49,156 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2007-11-05 13:20:49,160 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
2007-11-05 13:20:49,168 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2007-11-05 13:20:49,170 fail2ban.actions.action: INFO Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-<name>
2007-11-05 13:20:49,185 fail2ban.actions.action: INFO Set actionBan = echo -en "Subject: [Fail2Ban] <name>: banned <ip>
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here are more information about <ip>:\n
`/usr/bin/whois <ip>`\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:20:49,190 fail2ban.actions.action: INFO Set actionStop = echo -en "Subject: [Fail2Ban] <name>: stopped
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:20:49,193 fail2ban.actions.action: INFO Set actionStart = echo -en "Subject: [Fail2Ban] <name>: started
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:20:49,194 fail2ban.actions.action: INFO Set actionUnban =
2007-11-05 13:20:49,201 fail2ban.actions.action: INFO Set actionCheck =
2007-11-05 13:20:49,210 fail2ban.jail : INFO Using poller
2007-11-05 13:20:49,210 fail2ban.filter : INFO Created Filter
2007-11-05 13:20:49,211 fail2ban.filter : INFO Created FilterPoll
2007-11-05 13:20:49,216 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2007-11-05 13:20:49,218 fail2ban.filter : INFO Set maxRetry = 3
2007-11-05 13:20:49,226 fail2ban.filter : INFO Set findtime = 600
2007-11-05 13:20:49,227 fail2ban.actions: INFO Set banTime = 172800
2007-11-05 13:20:49,251 fail2ban.actions.action: INFO Set actionBan = ipaction add deny tcp from <ip> to <localhost> <port>
2007-11-05 13:20:49,253 fail2ban.actions.action: INFO Set actionStop =
2007-11-05 13:20:49,254 fail2ban.actions.action: INFO Set actionStart =
2007-11-05 13:20:49,255 fail2ban.actions.action: INFO Set actionUnban = ipaction delete `ipfw list | grep -i <ip> | awk '{print $1;}'`
2007-11-05 13:20:49,257 fail2ban.actions.action: INFO Set actionCheck =
2007-11-05 13:20:49,267 fail2ban.actions.action: INFO Set actionBan = echo -en "Subject: [Fail2Ban] <name>: banned <ip>
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here are more information about <ip>:\n
`/usr/bin/whois <ip>`\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:20:49,268 fail2ban.actions.action: INFO Set actionStop = echo -en "Subject: [Fail2Ban] <name>: stopped
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:20:49,274 fail2ban.actions.action: INFO Set actionStart = echo -en "Subject: [Fail2Ban] <name>: started
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:20:49,277 fail2ban.actions.action: INFO Set actionUnban =
2007-11-05 13:20:49,278 fail2ban.actions.action: INFO Set actionCheck =
2007-11-05 13:20:49,288 fail2ban.jail : INFO Using poller
2007-11-05 13:20:49,290 fail2ban.filter : INFO Created Filter
2007-11-05 13:20:49,290 fail2ban.filter : INFO Created FilterPoll
2007-11-05 13:20:49,296 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2007-11-05 13:20:49,299 fail2ban.filter : INFO Set maxRetry = 6
2007-11-05 13:20:49,301 fail2ban.filter : INFO Set findtime = 600
2007-11-05 13:20:49,305 fail2ban.actions: INFO Set banTime = 172800
2007-11-05 13:20:49,323 fail2ban.actions.action: INFO Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2007-11-05 13:20:49,333 fail2ban.actions.action: INFO Set actionStop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2007-11-05 13:20:49,334 fail2ban.actions.action: INFO Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
2007-11-05 13:20:49,336 fail2ban.actions.action: INFO Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2007-11-05 13:20:49,342 fail2ban.actions.action: INFO Set actionCheck = iptables -n -L INPUT | grep -q fail2ban-<name>
2007-11-05 13:20:49,349 fail2ban.actions.action: INFO Set actionBan = echo -en "Subject: [Fail2Ban] <name>: banned <ip>
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here are more information about <ip>:\n
`/usr/bin/whois <ip>`\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:20:49,357 fail2ban.actions.action: INFO Set actionStop = echo -en "Subject: [Fail2Ban] <name>: stopped
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:20:49,360 fail2ban.actions.action: INFO Set actionStart = echo -en "Subject: [Fail2Ban] <name>: started
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2007-11-05 13:20:49,362 fail2ban.actions.action: INFO Set actionUnban =
2007-11-05 13:20:49,365 fail2ban.actions.action: INFO Set actionCheck =
hier meine jail.conf:
Lesezeichen