|
|
|
@ -48,16 +48,16 @@ Action files specify which commands are executed to ban an IP address. They are
|
|
|
|
|
Like jail.conf files if you desire local changes create a [actionname].local file in the /etc/fail2ban/action.d directory
|
|
|
|
|
and override the required settings.
|
|
|
|
|
|
|
|
|
|
The action files are ini files that have two sections, \fBDefination\fR and \fBInit\fR .
|
|
|
|
|
The action files are ini files that have two sections, \fBDefinition\fR and \fBInit\fR .
|
|
|
|
|
|
|
|
|
|
The [Init] section allows for settings relevant to the action. In jail.conf/jail.local these can be overwritten for a particular jail.
|
|
|
|
|
|
|
|
|
|
The commands are specified in the [Defination] section as below..
|
|
|
|
|
The commands are specified in the [Definition] section as below..
|
|
|
|
|
|
|
|
|
|
The commands are executed through a system shell so shell redirection and process control is allowed. The commands should
|
|
|
|
|
return 0 to indicate success which will prevent fail2ban attempting to retry (up to \fBmaxretry\fR times to ban the IP again.
|
|
|
|
|
|
|
|
|
|
The following action parameters are in the [Defination] section.
|
|
|
|
|
The following action parameters are in the [Definition] section.
|
|
|
|
|
.TP
|
|
|
|
|
\fBactionstart\fR
|
|
|
|
|
This is the commands that are executed when the jail starts.
|
|
|
|
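Review bot: The unchanged context line "return 0 to indicate success which will prevent fail2ban attempting to retry (up to \fBmaxretry\fR times to ban the IP again." opens a parenthesis that is never closed, and since this patch is a spelling pass over the same paragraph it would be worth closing it after "times" here. The corrected line "The commands are specified in the [Definition] section as below.." also still ends in a double period, and "This is the commands that are executed when the jail starts." under \fBactionstart\fR should read "These are the commands".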
@ -101,14 +101,14 @@ The concatinated string of the log file lines of the matches that generated the
|
|
|
|
|
|
|
|
|
|
.SH FILTER FILES
|
|
|
|
|
|
|
|
|
|
Filter definations are those in /etc/fail2ban/filter.d/*.conf and filter.d/*.local.
|
|
|
|
|
Filter definitions are those in /etc/fail2ban/filter.d/*.conf and filter.d/*.local.
|
|
|
|
|
|
|
|
|
|
These are used to identify failed authenicate attempts in logs and to extract the host IP address or hostname.
|
|
|
|
|
|
|
|
|
|
Like action files, filter files are ini files. The main section is the [Definition] section.
|
|
|
|
|
|
|
|
|
|
There are two filter definations used in the [Defination] section, failregex and ignoreregex.
|
|
|
|
|
Other definations are allowed and can be used to substitue into other definations with %(defnname). For example.
|
|
|
|
|
There are two filter definitions used in the [Definition] section, failregex and ignoreregex.
|
|
|
|
|
Other definitions are allowed and can be used to substitue into other definitions with %(defnname). For example.
|
|
|
|
|
|
|
|
|
|
baduseragents = IE|wget
|
|
|
|
|
|
|
|
|
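Review bot: The replacement line "Other definitions are allowed and can be used to substitue into other definitions with %(defnname)." still misspells "substitute", so the typo fix is incomplete on a line this hunk already rewrites. The neighbouring context line "These are used to identify failed authenicate attempts in logs" has the same kind of error ("authentication"), and the hunk header context shows "concatinated" further up the file; folding those into this change would avoid a second spelling-only commit.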
@ -130,11 +130,11 @@ Filters can also have a section called [INCLUDES]. This is used to read other co
|
|
|
|
|
|
|
|
|
|
.TP
|
|
|
|
|
\fBbefore\fR
|
|
|
|
|
indicates that this file is read before the [Defination] section.
|
|
|
|
|
indicates that this file is read before the [Definition] section.
|
|
|
|
|
|
|
|
|
|
.TP
|
|
|
|
|
\fBafter\fR
|
|
|
|
|
indicates that this file is read after the [Defination] section.
|
|
|
|
|
indicates that this file is read after the [Definition] section.
|
|
|
|
|
|
|
|
|
|
.SH AUTHOR
|
|
|
|
|
Fail2ban Written by Cyril Jaquier <cyril.jaquier@fail2ban.org> with many contributions by Yaroslav O. Halchenko <debian@onerussian.com>.
|
|
|
|
|
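Review bot: In the \fBbefore\fR and \fBafter\fR entries, "indicates that this file is read before the [Definition] section" leaves "this file" ambiguous, because it can be read as the filter file itself rather than the file named by the option in [INCLUDES]. Since both lines are being touched anyway, consider wording such as "indicates that the named file is read before the [Definition] section". The context line "Fail2ban Written by Cyril Jaquier" also has a stray capital on "Written".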