HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Server Operation (http://www.howtoforge.com/forums/forumdisplay.php?f=5)
-   -   Configuring fail2ban (http://www.howtoforge.com/forums/showthread.php?t=60572)

Classy_Manatee 14th February 2013 20:05

Configuring fail2ban
 
I am looking into putting fail2ban on a mail server to help reduce the number of outbound spam attacks. Is there a way to set it up to notify me when a user exceeds a maximum number of authentications (successful or failed) in a given time frame? So far I can only find how to set it for failed attempts.

florian030 15th February 2013 07:39

You can change the corresponding failregx so it matches successful and failed logins.

Change
Code:

failregex = LOGIN FAILED, .*, ip=\[<HOST>\]$
to

Code:

failregex = LOGIN , .*, ip=\[<HOST>\]$
In the next step change maxretry and maybe the action for the jail.

After reloading the jail, fail2ban triggers on both login-types.

If you have problems with outbound spam,you should check your system instead of using f2b as a workaround.


All times are GMT +2. The time now is 17:29.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.