fail2ban
Category: linux

fail2ban-regex '/var/log/mail.log' /etc/fail2ban/filter.d/dovecot.conf

After restarting the syslog service with systemctl restart syslog, fail2ban recognized the log lines in the correct time zone.

apt install python-pyinotify
http://serverfault.com/questions/970854/fail2ban-find-matches-but-does-not-ban

failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/ ]*)?$

http://www.burlutsky.su/security/fail2ban-add-custom-rule/
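
An added example (not from these notes or from the fail2ban project): an offline check of the SASL failregex above, written with fail2ban's <HOST> tag between the brackets, against constructed Postfix log lines. The IPv4-only HOST_GROUP stand-in, the sample lines and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# The rule from the notes, with fail2ban's <HOST> tag between the brackets.
FAILREGEX = (r"(?i): warning: [-._\w]+\[<HOST>\]: SASL "
             r"(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed"
             r"(: [A-Za-z0-9+/ ]*)?$")

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> expansion
# (the real expansion also covers IPv6 addresses and host names).
HOST_GROUP = r"(?P<host>(?:\d{1,3}\.){3}\d{1,3})"

# Constructed sample lines using documentation address ranges, not real logs.
# The last line is a backend outage message; this rule counts it as a failure too.
SAMPLE_LOG = """\
Apr  3 09:41:02 mx postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Apr  3 09:41:09 mx postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed
Apr  3 09:42:30 mx postfix/smtpd[2117]: warning: host.example.net[198.51.100.23]: SASL CRAM-MD5 authentication failed: UGFzc3dvcmQ6
Apr  3 09:43:00 mx postfix/smtpd[2120]: connect from unknown[192.0.2.55]
Apr  3 09:43:05 mx postfix/smtpd[2120]: warning: unknown[192.0.2.55]: SASL LOGIN authentication failed: Connection lost to authentication server
"""

def compile_failregex(failregex):
    """Expand the <HOST> tag (with the IPv4 stand-in) and compile the rule."""
    if "<HOST>" not in failregex:
        raise ValueError("failregex has no <HOST> tag, so no address can be banned")
    return re.compile(failregex.replace("<HOST>", HOST_GROUP))

def failures_per_host(log_text, failregex=FAILREGEX):
    """Return a Counter mapping each captured host to its number of matching lines."""
    pattern = compile_failregex(failregex)
    hits = Counter()
    for line in log_text.splitlines():
        m = pattern.search(line)
        if m:
            hits[m.group("host")] += 1
    return hits

if __name__ == "__main__":
    for host, count in failures_per_host(SAMPLE_LOG).most_common():
        print(f"{count:4d} {host}")
```

The authoritative check remains fail2ban-regex against the real log file, as in the command at the top of these notes.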


cat /var/log/auth.log | grep sshd | grep failu | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sort | uniq -c | sort -bgr


3.4.2021 9:56:42