Hi Steven,
I think you might need to copy content of
/etc/fail2ban/action.d/iptables-multiport.conf to
/etc/fail2ban/action.d/iptables-multiport.local and modify its "actionban"
section according to the following:
Simpliest case:
actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
echo <ip> >> /etc/fail2ban/ip.blacklist
which will save all banned IPs to ip.blacklist file
OR
actionban = printf %%b "Subject: [Fail2Ban] <name>: <ip>
Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: Fail2Ban <<sender>>
To: <dest>\n
`/etc/fail2ban/scripts/ban-foreign-iptables-multiport.sh <name>
"<blocktype>" <ip> <logpath> <country> ban`\n
" | /usr/sbin/sendmail -f <sender> <dest>
which will send mail about banned IP.
You got the idea? You need to put the command to make what you need in format
that is required by Fightback program.
Hope this may help.
Regards,
Denis
> On 10 Jun 2019, at 15:54, Carltonfsck <carltonf...@maa-net.net> wrote:
>
> Greetings,
>
> I’ve been looking all over the place for any configuration steps or
> instructions for setting up a DShield jail so that I can send my SSH log
> failures to the DShield “Fightback” program.
>
> I’m not able to find anything in the Fail2ban Documentation on the Wiki, nor
> anywhere on Google, etc.. for that matter.
>
> Any feedback would be greatly appreciated!
>
>
> Regards,
>
> —Cf
>
>
>
>
>
> _______________________________________________
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
