-google-ads-
2012
12.07

When you use DenyHost and not Fail2Ban, you can use BlockList.de with a small Plugin (Script) without fail2ban.

Download the Script or add a new .SH-File on your System like /usr/share/denyhosts/DenyHosts/blocklist.de-reporting.sh with the following Code:

<code>

#!/bin/bash
SENDERMAIL='fail2ban@DEINE-DOMAIN'
DESTINATIONMAIL='fail2ban@blocklist.de'
SSHLOG='/var/log/auth.log'

if [ -z $1 ]; then
echo "IP-Adresse nicht uebergeben...." ;
exit;
fi
IP=$1

LOGS=`grep $IP $SSHLOG | tail -n 50`

TEXT="sended from denyhost Plugin

Lines containing IP$IP:
$LOGS

Regards,
Fail2Ban"

SENDE=`echo "$TEXT" | mail -s "[Fail2Ban] ssh: banned $IP" -r $SENDERMAIL $DESTINATIONMAIL`

</code>

Change the SENDERMAIL to your Address whith the same Address that you have add on blocklist.de under your Server-Profil.

Then edit the /etc/denyhosts.conf and add the Script in the PLUGIN_DENY like this:

PLUGIN_DENY=/usr/share/denyhosts/DenyHosts/blocklist.de-reporting.sh

restart denyhost and you send the Logfiles from SSH-Attacks to blocklist and we can report them.

 

-google-ads-

Kein Kommentar

Kommentieren

Dein Kommentar