from a live discussion on gentoo forum:
http://forums.gentoo.org/viewtopic-p-3032020.html#3032020

[SSH]
enabled = true
logfile = /var/log/sshd/current
fwstart =
fwend =
fwcheck =
fwban = IP=<ip> && echo "ALL: $IP" >> /etc/hosts.deny
fwunban = IP=<ip> && sed -i.old s/ALL:\ $IP// /etc/hosts.deny
timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
timepattern = %%b %%d %%H:%%M:%%S
failregex = Authentication failure|Failed password|Invalid user

makes it work with hosts.deny (haven't tried myself though)

On Mon, Jan 16, 2006 at 10:37:30PM -0500, Yaroslav Halchenko wrote:
> On Mon, Jan 16, 2006 at 07:59:58PM +0100, Marco Bertorello wrote:
> > denyhosts can run on systems that haven't support for packet filtering,
> > fail2ban can ? :)
> actually it can do that
> since fail2ban can be configured to run ANY command to "ban" an ip you
> can add something like
> fwban = "echo ssh <ip> >> /etc/deny.hosts"
> fwunban = "perl -pi -e 's/^ssh <ip>$//g' /etc/deny.hosts"
> or with recently changed general rule
> fwban = "echo %(__name__) <ip> >> /etc/deny.hosts"
> fwunban = "perl -pi -e 's/^%(__name__) <ip>$//g' /etc/deny.hosts"

-- 
                                  .-.
=------------------------------   /v\  ----------------------------=
Keep in touch                    // \\     (yoh@|www.)onerussian.com
Yaroslav Halchenko              /(   )\               ICQ#: 60653192
                   Linux User    ^^-^^    [175555]
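The hosts.deny ban and unban commands discussed in this thread, written out as shell helpers; this is an added example, not code from the thread or from fail2ban. It goes beyond the one-liners above by validating the address before it reaches the file and by matching whole lines on unban, since an unanchored substitution for 192.0.2.4 would also rewrite an entry for 192.0.2.45. The function names and the DENY_FILE variable are assumptions made for the example.

```shell
#!/bin/sh
# Added example: idempotent ban/unban helpers for a hosts.deny-style file.
# DENY_FILE is an assumed variable; it defaults to a scratch file, not /etc/hosts.deny.
DENY_FILE="${DENY_FILE:-./hosts.deny.example}"

# Accept only a dotted-quad IPv4 address. The address comes from log text,
# so anything else (spaces, newlines, wildcards) must never reach the file.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Append "ALL: <ip>" unless that exact line is already present.
ban_ip() {
    valid_ipv4 "$1" || return 2
    touch "$DENY_FILE" || return 1
    # -F: fixed string (dots are literal), -x: whole-line match
    grep -Fxq "ALL: $1" "$DENY_FILE" || printf 'ALL: %s\n' "$1" >> "$DENY_FILE"
}

# Remove only the exact "ALL: <ip>" line; other entries stay untouched.
unban_ip() {
    valid_ipv4 "$1" || return 2
    [ -f "$DENY_FILE" ] || return 0
    tmp=$(mktemp "${DENY_FILE}.XXXXXX") || return 1
    status=0
    grep -Fxv "ALL: $1" "$DENY_FILE" > "$tmp" || status=$?
    # grep exits 1 when no lines remain, which is fine; 2 or more is a real error
    if [ "$status" -gt 1 ]; then rm -f "$tmp"; return 1; fi
    cat "$tmp" > "$DENY_FILE"   # rewrite in place to keep owner and mode
    rm -f "$tmp"
}
```
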