Hello Kenneth,
My answer is kind-of off-topic (not Fail2ban), but you may be interested
nonetheless.
I wrote, and published as free software, a log peruser (named Pyruse),
that can replace Fail2ban. With Pyruse, what you describe is easy.
Of course, I’ll let you make your own mind, based on the documentation:
https://yalis.fr/git/yves/pyruse
If you have questions, I will gladly answer them.
Kind regards,
Yves Gablin.
Le 02/06/2019 à 17:05, Kenneth Porter a écrit :
I've noticed that almost all the ssh attacks on my hosts are against
usernames not remotely similar to legitimate users on my machine.
They're mostly service names or the names of admin logins for routers.
Is there some way to look for just those attempts, perhaps based on a
list of commonly-attacked usernames, and instantly ban them without
waiting for retries? The logic I'd need is something that matches the
username against a list, perhaps loaded from a file.
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
