fail2ban_add_custom_rule

Differences

This shows you the differences between two versions of the page.

fail2ban_add_custom_rule [06.12.2020 09:01] Pascal Suter
fail2ban_add_custom_rule [06.12.2020 09:05] (current) Pascal Suter
Line 4: Line 4:
 usually your favorite distribution comes packed with filters and all you may have to do is enable them.. however, sometimes you might want to write your own rule, be it for your own application or for some case which is simply not covered by the default rules..  usually your favorite distribution comes packed with filters and all you may have to do is enable them.. however, sometimes you might want to write your own rule, be it for your own application or for some case which is simply not covered by the default rules.. 
  
-here is an example of how I added a new rule for postfix which filters out some bots who try to brute-force smtpd accounts. most of those are covered by the default filter in ubuntu, however, i had a case of a bot which tried to authenticate on a smtpd which only allowed TLS but it did not use TLS.. so the bot will honestly never suceed with this method of course, but it still was flooding my logs, so i decided to do something against that.. +here is an example of how I added a new rule for postfix running on an **ubuntu server** which filters out some bots who try to brute-force smtpd accounts. most of those are covered by the default filter in ubuntu, however, i had a case of a bot which tried to authenticate on a smtpd which only allowed TLS but it did not use TLS.. so the bot will honestly never suceed with this method of course, but it still was flooding my logs, so i decided to do something against that..  
 + 
 +**NOTE** Please keep in mind, that path names and best practices on where to save your configs vary slightly from distribution to distribution.. debian and therefore ubuntu style is to not edit distribution provided config files and instead use the ''.d'' directory with the same basename as the config file you want to edit and then create a new ''.conf'' in there which overwrites the defaults you want to change or adds to the config.. this of course only works for apps that support includes and the necessary tools in their config parsing mechanisms, but luckily fail2ban is one of those, so we keep it debian friendly, which will help when you upgrade your system (it won't ask you if you want to keep your old config or overwrite it with the default)
  
 first let's look a the log entries which identify that sucker:  first let's look a the log entries which identify that sucker: 
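
Review bot: in the added NOTE, "overwrites the defaults you want to change" should read "overrides". The note itself recommends not editing the distribution-provided config files, so the new ''.conf'' in the ''.d'' directory only takes precedence over the shipped settings and leaves the shipped file as it is; "overwrites" reads as if that file were replaced. The note would also be easier to follow if it named the concrete directory and file this page goes on to use, rather than only "the ''.d'' directory with the same basename". While this paragraph is being touched, the changed line still has "suceed" (succeed) and the context line below it has "look a the" (look at the).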
  • fail2ban_add_custom_rule.1607241684.txt.gz
  • Last modified: 06.12.2020 09:01
  • by Pascal Suter