我在某些CentOS 5和6服务器上配置了
fail2ban,并且只要IP被禁止,它就会向我发送一封带有IP的whois的电子邮件.是否可以将fail2ban配置为还从whois报告向电子邮件发送通知?
这是我的jail配置:
# /etc/fail2ban/jail.conf [ssh-iptables] enabled = true filter = sshd action = iptables-allports[name=SSH,protocol=all] sendmail-whois[name=SSH,dest=root@mydomain.com,sender=fail2ban] logpath = /var/log/secure maxretry = 3
是否有某种变量我可以把它发送到whois电子邮件?
解决方法
看起来有一个与fail2ban一起调用抱怨的动作.请注意抱怨[logpath = / var / log / secure]的行:
# /etc/fail2ban/jail.conf [ssh-iptables] enabled = true filter = sshd action = iptables-allports[name=SSH,sender=fail2ban] complain[logpath=/var/log/secure] logpath = /var/log/secure maxretry = 3
添加该行并重新启动fail2ban服务.操作conf文件是/etc/fail2ban/action.d/complain.conf.简短的介绍:
Sends a complaint e-mail to addresses listed in the whois record for an offending IP address.