github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Limit the number of log lines in *-lines.conf actions

pull/1135/head
Viktor Szépe 2015-07-27 02:35:21 +02:00
parent 6577387b5a
commit c8b3ee10a0
4 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -12,6 +12,8 @@ ver. 0.9.3 (2015/XX/XXX) - wanna-be-released
- IMPORTANT incompatible changes: - IMPORTANT incompatible changes:
* filter.d/roundcube-auth.conf * filter.d/roundcube-auth.conf
- Changed logpath to 'errors' log (was 'userlogins') - Changed logpath to 'errors' log (was 'userlogins')
* mail-whois-lines, sendmail-geoip-lines and sendmail-whois-lines
actions include only the first 1000 log lines in the email
- Fixes: - Fixes:
* reload in interactive mode appends all the jails twice (gh-825) * reload in interactive mode appends all the jails twice (gh-825)

6
config/action.d/mail-whois-lines.conf
View File

@ -42,7 +42,7 @@ actionban = printf %%b "Hi,\n
Here is more information about <ip>:\n Here is more information about <ip>:\n
`whois <ip> || echo missing whois program`\n\n `whois <ip> || echo missing whois program`\n\n
Lines containing IP:<ip> in <logpath>\n Lines containing IP:<ip> in <logpath>\n
`grep -E '(^|[^0-9])<ip>([^0-9]|$)' <logpath>`\n\n `grep -E <grepopts> '(^|[^0-9])<ip>([^0-9]|$)' <logpath>`\n\n
Regards,\n Regards,\n
Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from `uname -n`" <dest> Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from `uname -n`" <dest>
@ -67,3 +67,7 @@ dest = root
# Path to the log files which contain relevant lines for the abuser IP # Path to the log files which contain relevant lines for the abuser IP
# #
logpath = /dev/null logpath = /dev/null
# Number of log lines to include in the email
#
grepopts = -m 1000

6
config/action.d/sendmail-geoip-lines.conf
View File

@ -34,7 +34,7 @@ actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "<ip>" | cut -d':' -f2-` AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "<ip>" | cut -d':' -f2-`
hostname: `host -t A <ip> 2>&1`\n\n hostname: `host -t A <ip> 2>&1`\n\n
Lines containing IP:<ip> in <logpath>\n Lines containing IP:<ip> in <logpath>\n
`grep -E '(^|[^0-9])<ip>([^0-9]|$)' <logpath>`\n\n `grep -E <grepopts> '(^|[^0-9])<ip>([^0-9]|$)' <logpath>`\n\n
Regards,\n Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
@ -47,3 +47,7 @@ name = default
# Path to the log files which contain relevant lines for the abuser IP # Path to the log files which contain relevant lines for the abuser IP
# #
logpath = /dev/null logpath = /dev/null
# Number of log lines to include in the email
#
grepopts = -m 1000

5
config/action.d/sendmail-whois-lines.conf
View File

@ -26,7 +26,7 @@ actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
Here is more information about <ip>:\n Here is more information about <ip>:\n
`/usr/bin/whois <ip> || echo missing whois program`\n\n `/usr/bin/whois <ip> || echo missing whois program`\n\n
Lines containing IP:<ip> in <logpath>\n Lines containing IP:<ip> in <logpath>\n
`grep -E '(^|[^0-9])<ip>([^0-9]|$)' <logpath>`\n\n `grep -E <grepopts> '(^|[^0-9])<ip>([^0-9]|$)' <logpath>`\n\n
Regards,\n Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
@ -40,3 +40,6 @@ name = default
# #
logpath = /dev/null logpath = /dev/null
# Number of log lines to include in the email
#
grepopts = -m 1000