Last active
November 1, 2021 00:19
Maltrail - integration with Fail2ban
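
; /etc/fail2ban/jail.local
[maltrail-iptables]
enabled = true
; the filter name must equal the file name in filter.d/ without ".conf" (maltrial.conf)
filter = maltrial
; 31536000 seconds = 365 days
bantime = 31536000
action = iptables-allports[name=MALTRAIL, protocol=all]
;action = vesta[name=MALTRAIL]
; jail.local is not run through a shell, so logpath has to be a literal line.
; This command prints one for the newest Maltrail log, skipping error.log:
; echo "logpath = /var/log/maltrail/$(ls -1t /var/log/maltrail | grep -vxF 'error.log' | head -1)"
; Example value, the file used in the fail2ban-regex run:
logpath = /var/log/maltrail/2016-08-12.log
; a single matching log line triggers the ban
maxretry = 1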

# /etc/fail2ban/filter.d/maltrial.conf
#
# Fail2Ban filter for maltrail
#
[Definition]
# <HOST> marks the source address that fail2ban bans; the ports and the
# destination address list after it only anchor the match.
# Line 1: numeric ports. Line 2: "-" in place of the ports.
failregex = (.*) <HOST> [0-9,]* ((?:[0-9]{1,3}\.){3}[0-9]{1,3}(|,))* [0-9,]* (.*)
            (.*) <HOST> \- ((?:[0-9]{1,3}\.){3}[0-9]{1,3}(|,))* \- (.*)
ignoreregex =

root@host:/etc/fail2ban/filter.d# fail2ban-regex /var/log/maltrail/2016-08-12.log /etc/fail2ban/filter.d/maltrial.conf --print-all-missed
Running tests
=============
Use failregex filter file : maltrial, basedir: /etc/fail2ban
Use log file : /var/log/maltrail/2016-08-12.log
Use encoding : UTF-8
Results
=======
Failregex: 548 total
|- #) [# of hits] regular expression
| 1) [545] (.*) (<HOST>(?:[0-9]{1,3}\.){3}[0-9]{1,3}) [0-9,]* ((?:[0-9]{1,3}\.){3}[0-9]{1,3}(|,))* [0-9,]* (.*)
| 2) [3] (.*) (<HOST>(?:[0-9]{1,3}\.){3}[0-9]{1,3}) \- ((?:[0-9]{1,3}\.){3}[0-9]{1,3}(|,))* \- (.*)
`-
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [548] Year(?P<_sep>[-/.])Month(?P=_sep)Day 24hour:Minute:Second(?:,Microseconds)?
`-
Lines: 548 lines, 0 ignored, 548 matched, 0 missed [processed in 0.07 sec]
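
The fail2ban-regex run above counts matching lines but does not show which value the `<HOST>` group captured, and that value is what gets banned. The following is an added example, not part of the gist: it checks the captured host for the first failregex as echoed in that run and for a variant with `<HOST>` alone. It assumes the `<HOST>` expansion of fail2ban 0.9.x and uses a constructed log line in a Maltrail-like layout; the function and constant names are hypothetical.

```python
import ipaddress
import re

# Assumption: <HOST> expansion as done by fail2ban 0.9.x. Newer releases use a
# longer pattern with separate ip4/ip6/dns groups.
HOST_09 = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)"

# First failregex exactly as echoed by the fail2ban-regex run on this page.
PAGE_REGEX = (r"(.*) (<HOST>(?:[0-9]{1,3}\.){3}[0-9]{1,3}) [0-9,]* "
              r"((?:[0-9]{1,3}\.){3}[0-9]{1,3}(|,))* [0-9,]* (.*)")

# Same expression with <HOST> as the only pattern for the source address.
BARE_REGEX = (r"(.*) <HOST> [0-9,]* "
              r"((?:[0-9]{1,3}\.){3}[0-9]{1,3}(|,))* [0-9,]* (.*)")

# Constructed sample line (documentation addresses), not taken from a real log.
SAMPLE = ('"2016-08-12 10:15:02.123456" sensor1 198.51.100.23 44321 '
          '203.0.113.5 80 TCP URL example.test/path suspicious (constructed)')


def captured_host(failregex, line):
    """Return what the named group 'host' captures, or None if no match.

    Simplification: fail2ban strips the timestamp before matching; here the
    whole line is searched, which does not change the captured host.
    """
    m = re.search(failregex.replace("<HOST>", HOST_09), line)
    return m.group("host") if m else None


def is_ipv4(value):
    """True only if value is a complete dotted-quad IPv4 address."""
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for name, rx in (("as echoed", PAGE_REGEX), ("<HOST> alone", BARE_REGEX)):
        host = captured_host(rx, SAMPLE)
        print(f"{name}: host={host!r} valid_ipv4={is_ipv4(host)}")
```

On a live system, `fail2ban-regex -v` prints the matched host values next to each hit, which gives the same check against real log files.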