? about fail2ban on ubuntu/redhat
I loaded the fail2ban on an RH system and it works great. I setup some jails etc. In the RH version the jails look like this....
example: [sasl-iptables] enabled = true filter = sasl backend = polling action = iptables[name=sasl, port=smtp, protocol=tcp] sendmail-whois[name=sasl, dest=root] logpath = /var/log/mail.log Notice the line that says action = and there is an option to send mail to root. I then fwd this mail with a .forward file to another account. Works fine. In Ubuntu the entry looks like this.... [ssh-ddos] enable = true port = ssh filter = sshd_ddos logpath = /var/log/auth.log maxretry = 6 Notice no mail option... How do I get fail2ban to mail to root on specific jails? Do I just have to add an action line like the RH version or is there some other place the DEB version keeps this info? I also want to know how to get mail off my laptop to an internet account /phone so i know when someone it trying to hack my system etc. I know the address just not sure how to set up sendmail in Ubuntu... |
Quote:
ok...edited. ...didnt read the question properly :) |
anyone have any ideas???
|
Quote:
|
You can add the following in jail.conf (quote from the stock fail2ban)
Code:
action = iptables[name=SSH, port=ssh, protocol=tcp] Regards |
Quote:
"actions" string same as the Redhat versions does they just dont have it in the file? I will give this a try. |
It should work, because the options for each jail overwrite the default options.
As I see in this howto, the default options for Debian (I suppose the same is valid for Ubuntu) are stored at the beginning of /etc/fail2ban/jail.conf Regards |
All times are GMT -5. The time now is 03:10 AM. |