From a live discussion on the Gentoo forum: http://forums.gentoo.org/viewtopic-p-3032020.html#3032020
[SSH]
enabled = true
logfile = /var/log/sshd/current
fwstart =
fwend =
fwcheck =
fwban = IP=<ip> && echo "ALL: $IP" >> /etc/hosts.deny
fwunban = IP=<ip> && sed -i.old s/ALL:\ $IP// /etc/hosts.deny
timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
timepattern = %%b %%d %%H:%%M:%%S
failregex = Authentication failure|Failed password|Invalid user
makes it work with hosts.deny (haven't tried myself though)
On Mon, Jan 16, 2006 at 10:37:30PM -0500, Yaroslav Halchenko wrote:
> On Mon, Jan 16, 2006 at 07:59:58PM +0100, Marco Bertorello wrote:
> > denyhosts can run on systems that haven't support for packet filtering,
> > fail2ban can ? :)
> actually it can do that
> since fail2ban can be configured to run ANY command to "ban" an ip you
> can add something like
> fwban = "echo ssh <ip> >> /etc/deny.hosts"
> fwunban = "perl -pi -e 's/^ssh <ip>$//g' /etc/deny.hosts"
> or with recently changed general rule
> fwban = "echo %(__name__) <ip> >> /etc/deny.hosts"
> fwunban = "perl -pi -e 's/^%(__name__) <ip>$//g' /etc/deny.hosts"
--
.-.
=------------------------------ /v\ ----------------------------=
Keep in touch // \\ (yoh@|www.)onerussian.com
Yaroslav Halchenko /( )\ ICQ#: 60653192
Linux User ^^-^^ [175555]
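The [SSH] section above, exercised as an added example that is not part of the original message or of fail2ban's own code: it applies the posted timeregex, timepattern and failregex to constructed sshd log lines and maintains hosts.deny entries by exact line match. The sed form above is an unanchored substitution in which each dot matches any character, so unbanning 192.0.2.1 would also cut into an entry for 192.0.2.10. Taking the first IPv4 address on the line as the offender, the sample log lines, the fixed year and the function names are assumptions of this example.

```python
import re
from datetime import datetime

# Values copied from the [SSH] section above ("%%" in the ini file is a literal "%").
TIMEREGEX = r"\S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}"
TIMEPATTERN = "%b %d %H:%M:%S"
FAILREGEX = r"Authentication failure|Failed password|Invalid user"
# Assumption of this example: the offending host is the first IPv4 address on the line.
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE_LOG = [
    "Jan 16 22:37:30 host sshd[4021]: Failed password for root from 192.0.2.1 port 4022 ssh2",
    "Jan 16 22:37:41 host sshd[4025]: Invalid user test from 192.0.2.10",
    "Jan  7 03:02:11 host sshd[911]: Accepted password for alice from 198.51.100.7 port 5000 ssh2",
]

def parse_failures(lines, year=2006):
    """Return (timestamp, ip) for every line that matches FAILREGEX."""
    hits = []
    for line in lines:
        stamp = re.search(TIMEREGEX, line)
        ip = IPV4.search(line)
        if stamp and ip and re.search(FAILREGEX, line):
            # syslog stamps carry no year, so one is supplied before parsing
            norm = " ".join(stamp.group().split())
            when = datetime.strptime(f"{year} {norm}", "%Y " + TIMEPATTERN)
            hits.append((when, ip.group()))
    return hits

def ban(deny_text, ip):
    """Append 'ALL: <ip>' unless that exact entry is already present."""
    entry = f"ALL: {ip}"
    lines = deny_text.splitlines()
    if entry not in lines:
        lines.append(entry)
    return "\n".join(lines) + "\n"

def unban(deny_text, ip):
    """Drop only the line that is exactly 'ALL: <ip>'; other entries stay intact."""
    entry = f"ALL: {ip}"
    return "".join(l + "\n" for l in deny_text.splitlines() if l != entry)

def demo():
    """Ban every host seen in SAMPLE_LOG, then unban 192.0.2.1."""
    deny = ""
    for _, ip in parse_failures(SAMPLE_LOG):
        deny = ban(deny, ip)
    return deny, unban(deny, "192.0.2.1")
```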

