LinuxQuestions.org
Old 11-12-2009, 08:16 AM   #1
unix1adm
Member
 
Registered: Oct 2008
Posts: 626

Rep: Reputation: 30
? about fail2ban on ubuntu/redhat


I loaded the fail2ban on an RH system and it works great. I set up some jails etc. In the RH version the jails look like this....


example:
[sasl-iptables]

enabled = true
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
         sendmail-whois[name=sasl, dest=root]
logpath = /var/log/mail.log


Notice the line that says action = and there is an option to send mail to root. I then fwd this mail with a .forward file to another account. Works fine.

In Ubuntu the entry looks like this....

[ssh-ddos]

enabled = true
port = ssh
filter = sshd_ddos
logpath = /var/log/auth.log
maxretry = 6

Notice no mail option... How do I get fail2ban to mail to root on specific jails?

Do I just have to add an action line like the RH version or is there some other place the DEB version keeps this info?


I also want to know how to get mail off my laptop to an internet account /phone so I know when someone is trying to hack my system etc.
I know the address just not sure how to set up sendmail in Ubuntu...

Last edited by unix1adm; 11-12-2009 at 08:18 AM.
 
Old 11-12-2009, 08:32 AM   #2
centosboy
Senior Member
 
Registered: May 2009
Location: london
Distribution: centos5
Posts: 1,137

ok...edited. ...didn't read the question properly
 
Old 11-13-2009, 06:10 AM   #3
unix1adm
Member
 
Registered: Oct 2008
Posts: 626

Original Poster
Rep: Reputation: 30
anyone have any ideas???
 
Old 11-13-2009, 06:52 AM   #4
centosboy
Senior Member
 
Registered: May 2009
Location: london
Distribution: centos5
Posts: 1,137

Quote:
Originally Posted by unix1adm View Post
anyone have any ideas???
I can help with the second part of the question... set up a mail account on a BlackBerry device
 
Old 11-13-2009, 07:03 AM   #5
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,910

You can add the following in jail.conf (quote from the stock fail2ban)
Code:
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=you@mail.com, sender=fail2ban@mail.com]
Of course you must edit the sendmail options accordingly

Regards

Last edited by bathory; 11-13-2009 at 07:09 AM.
 
Old 11-13-2009, 08:29 AM   #6
unix1adm
Member
 
Registered: Oct 2008
Posts: 626

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by bathory View Post
You can add the following in jail.conf (quote from the stock fail2ban)
Code:
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=you@mail.com, sender=fail2ban@mail.com]
Of course you must edit the sendmail options accordingly

Regards
So what you are saying is the Ubuntu version of fail2ban accepts the "actions" string same as the Redhat version does, they just don't have it in the file?

I will give this a try.
 
Old 11-13-2009, 08:49 AM   #7
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,910

It should work, because the options for each jail overwrite the default options.
As I see in this howto, the default options for Debian (I suppose the same is valid for Ubuntu) are stored at the beginning of /etc/fail2ban/jail.conf

Regards
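
The override behaviour discussed in this thread, as an added example that is not part of any poster's reply or of fail2ban itself: it parses a constructed jail.conf with Python's configparser, resolves each enabled jail's action after [DEFAULT] inheritance, and lists the jails that ban without sending mail. The sample file, its values and the function names are assumptions made for illustration.

```python
import configparser

# Constructed jail.conf in the layout the thread describes: shared defaults
# first, then one section per jail. Addresses and values are illustrative.
SAMPLE = """\
[DEFAULT]
maxretry = 3
destemail = root@localhost
action = iptables[name=%(__name__)s, port=%(port)s, protocol=tcp]

[ssh-ddos]
enabled = true
port = ssh
filter = sshd_ddos
logpath = /var/log/auth.log
maxretry = 6

[sasl]
enabled = true
port = smtp
filter = sasl
logpath = /var/log/mail.log
action = iptables[name=%(__name__)s, port=%(port)s, protocol=tcp]
         sendmail-whois[name=%(__name__)s, dest=%(destemail)s]
"""

def effective_jails(text):
    """Resolve each enabled jail's options after [DEFAULT] inheritance."""
    parser = configparser.ConfigParser()
    parser.read_string(text)
    jails = {}
    for name in parser.sections():
        if not parser.getboolean(name, "enabled", fallback=False):
            continue
        # fail2ban exposes the section name as %(__name__)s; supply it here.
        raw = parser.get(name, "action", vars={"__name__": name})
        jails[name] = {
            "maxretry": parser.getint(name, "maxretry"),
            "actions": [ln.strip() for ln in raw.splitlines() if ln.strip()],
        }
    return jails

def jails_without_mail(jails):
    """Names of enabled jails whose action list contains no mail action."""
    return sorted(name for name, opts in jails.items()
                  if not any("mail" in act.split("[")[0] for act in opts["actions"]))

if __name__ == "__main__":
    for name, opts in effective_jails(SAMPLE).items():
        print(name, opts["maxretry"], opts["actions"])
    print("no mail on ban:", jails_without_mail(effective_jails(SAMPLE)))
```

With Python's configparser, a second action line that is not indented is read as a separate option rather than a continuation, so such a jail is reported as having no mail action.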
 
  

