List: fail2ban-users
Subject: [Fail2ban-users] custom filter and action variables
From: maillist.fail2ban () mail ! heirich ! name
Date: 2021-04-14 16:03:19
Message-ID: 20210414160319.GA31384 () austria136 ! server4you ! de
nashi@otenet.gr wrote:
> but I want on action beside the ban ip, to send also corresponding log line
I've made something that looks alike.
However, all bans are recorded in /var/lib/fail2ban/fail2ban.sqlite3
Try sqlite3 /var/lib/fail2ban/fail2ban.sqlite3 "SELECT * FROM bans;"
The timestamp is in the field timeofban as a usual Unix date.
IIRC <time> could be used in action etc., but it is seconds since January 1st 1970.
Regards, Peter
PS: Sorry, sent twice; the From: didn't match the mailing list filter.
["INFO-mail.conf" (text/plain)]
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
#
[Definition]
# bypass ban/unban for restored tickets
norestored = 1
# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart = /bin/true
# printf %%b "Hi,\n
# The jail <name> has been started successfully.\n
# Regards,\n
# Fail2Ban"|mail -s "[Fail2Ban] <name>: started on `uname -n`" <dest>
# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop = /bin/true
# printf %%b "Hi,\n
# The jail <name> has been stopped.\n
# Regards,\n
# Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on `uname -n`" <dest>
# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck = tail -n 20 /var/log/httpd/access_log >/var/tmp/f2b-INFO-mail-$$.txt
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = grep -h "<ip>" /var/tmp/f2b-INFO-mail-*.txt >/var/tmp/f2b-INFO-grep-$$.txt; printf %%b "Hi,\n
            The IP <ip> has just been recognized by Fail2Ban after
            <failures> attempts against <name>.\n
            Regards,\n
            Fail2Ban\n\n" |cat "-" /var/tmp/f2b-INFO-grep-*.txt |mail -s "[Fail2Ban] <name>: recognized from <ip> to `uname -n` at <time>" <dest> ; rm -f /var/tmp/f2b-INFO-grep-*.txt ; rm -f /var/tmp/f2b-INFO-mail-*.txt
# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionunban =
[Init]
# Default name of the chain
#
name = default
# Destination/Addressee of the mail
#
dest = root
["INFO-apache.local" (text/plain)]
[INFO-apache]
maxretry = 1
enabled = true
findtime = 2
bantime = 600
banaction = INFO-mail
logpath = %(apache_access_log)s
["INFO-apache.conf" (text/plain)]
# Fail2Ban configuration file
#
# Regexp to catch access to apache we wont know about.
[Definition]
observecustom = /bnd/nov_xx.log.tar.gz
observe = robots.txt
failregex = ^<HOST> -.*"(GET|POST|HEAD).*(?:%(observe)s|%(observecustom)s).*HTTP/1[.][01]".*$
            ^\[\] \[\S+:\d+\] \[client <HOST>(:\d{1,5})?\].*"(GET|POST|HEAD).*(?:%(observe)s|%(observecustom)s).+HTTP/1[.][01]" \d+ \d+ ".*" ".*"$
ignoreregex =
datepattern = ^[^\[]*\[({DATE})
              {^LN-BEG}
# DEV Notes:
# List of bad bots fetched from http://www.user-agents.org
# Generated on Thu Nov 7 14:23:35 PST 2013 by files/gen_badbots.
#
# Author: Yaroslav Halchenko
#
# rewritten by Peter Heirich for a different logformat
#
#[02/Apr/2017:09:18:31 +0200] [heirich.eu:80] [client 94.223.140.41] - - "GET /xyz.php HTTP/1.1" 403 488 "-" "Wget/1.14 (linux-gnu)"
# first - : logname from identd, if supplied ; This will be a dash unless mod_ident is present and IdentityCheck is set On.
# second - : username, if http request was sent using auth header
# third - : referer, if any in request
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
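
Added example, not part of the original message or of the fail2ban project: a Python reader for the bans table mentioned above that converts timeofban from Unix seconds and lists the log lines stored with each ban. Only the table name and timeofban come from the message; the jail, ip and data columns and the "matches"/"failures" JSON keys are assumptions about the database layout that can differ between fail2ban versions, and the rows below are constructed sample data.

```python
import json
import sqlite3
from datetime import datetime, timezone

def recent_bans(conn, limit=10):
    """Newest bans first, with a readable time and the log lines that matched."""
    rows = conn.execute(
        "SELECT jail, ip, timeofban, data FROM bans "
        "ORDER BY timeofban DESC LIMIT ?", (limit,)).fetchall()
    bans = []
    for jail, ip, timeofban, data in rows:
        info = json.loads(data) if data else {}
        # Assumed layout: a match is one string or a list of line fragments.
        lines = ["".join(m) if isinstance(m, list) else m
                 for m in info.get("matches", [])]
        when = datetime.fromtimestamp(timeofban, tz=timezone.utc)
        bans.append({"jail": jail, "ip": ip, "when": when.isoformat(),
                     "failures": info.get("failures"), "lines": lines})
    return bans

def demo_db():
    """Constructed in-memory stand-in for the fail2ban database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE bans(jail TEXT NOT NULL, ip TEXT, "
                 "timeofban INTEGER NOT NULL, data JSON)")
    line = ('[14/Apr/2021:16:03:18 +0000] [example.org:80] [client 192.0.2.10] '
            '- - "GET /robots.txt HTTP/1.1" 200 26 "-" "Wget/1.14 (linux-gnu)"')
    rows = [
        ("INFO-apache", "192.0.2.10", 1618416199,
         json.dumps({"matches": [line], "failures": 1})),
        ("INFO-apache", "198.51.100.7", 1618416100,
         json.dumps({"matches": [["[client 198.51.100.7] ", "GET /robots.txt"]],
                     "failures": 1})),
    ]
    conn.executemany("INSERT INTO bans VALUES (?, ?, ?, ?)", rows)
    return conn

if __name__ == "__main__":
    # Real use (read-only):
    # sqlite3.connect("file:/var/lib/fail2ban/fail2ban.sqlite3?mode=ro", uri=True)
    for ban in recent_bans(demo_db()):
        print(ban["when"], ban["jail"], ban["ip"], "failures:", ban["failures"])
        for log_line in ban["lines"]:
            print("   ", log_line)
```
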