Hi Everyone,
Thanks to the contribution and patience (shame on me, it took me way too
long to get to it) of Zbyszek Szmek, there is an action file and
instructions on how to run fail2ban as some non-root user (it just needs
access to log files) and ban IPs using the xt_recent facility of iptables:
/proc/net/xt_recent/* is created by the xt_recent kernel module when
an iptables rule with '-m limit' is inserted. This file contains a
dynamic list of IP addresses which can then be used in iptables rules.
Addresses can be matched against this list, with an optional timeout.
One way to use xt_recent is to insert IPs into this list from an
iptables rule, e.g. after connecting to the SSH port three times in a
minute. This is the standard usage described in iptables(3).
doc/run-rootless.txt in git's master branch has additional details, and
the freshly uploaded 0.8.6-2 also carries all necessary changes for the
init.d system.
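As an added illustration (not fail2ban's action file and not from doc/run-rootless.txt), the shell functions below show the unprivileged half of this setup: writing "+IP" / "-IP" / "/" to the list's proc file to ban, unban or clear. It assumes a list named "fail2ban", that the administrator has made the proc file writable for the fail2ban user through the xt_recent module parameters, and the XT_RECENT_DIR variable is a hypothetical override used only so the functions can be exercised against an ordinary directory.

```shell
#!/bin/sh
# Root-only one-time setup, done by the administrator (assumed, not part of
# this script): load xt_recent so the list file is owned by the fail2ban
# user, then add a rule that drops anything in the list for an hour.
#   modprobe xt_recent ip_list_uid=$(id -u fail2ban) ip_list_perms=0640
#   iptables -I INPUT -m recent --name fail2ban --rcheck --seconds 3600 -j DROP
# /proc/net/xt_recent/fail2ban exists only after a rule names the list.
XT_RECENT_DIR="${XT_RECENT_DIR:-/proc/net/xt_recent}"

# Accept only a dotted-quad IPv4 address, so nothing but an address taken
# from the logs is ever handed to the kernel interface.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# xt_recent_ctl ban|unban|flush [IP] [LIST]
# "+IP" adds an entry, "-IP" removes it, "/" empties the list. Returns 1 on
# bad input and 2 when the list file is missing or not writable by this user.
xt_recent_ctl() {
    action=$1; ip=$2; list=${3:-fail2ban}
    file="$XT_RECENT_DIR/$list"
    [ -w "$file" ] || { echo "cannot write $file (rule inserted? perms set?)" >&2; return 2; }
    case $action in
        ban)   is_ipv4 "$ip" || return 1; printf '%s\n' "+$ip" > "$file" ;;
        unban) is_ipv4 "$ip" || return 1; printf '%s\n' "-$ip" > "$file" ;;
        flush) printf '/\n' > "$file" ;;
        *) echo "usage: xt_recent_ctl ban|unban|flush [IP] [LIST]" >&2; return 1 ;;
    esac
}
```

Reading the proc file back (`cat /proc/net/xt_recent/fail2ban`) lists the current entries with their timestamps, which is the quickest check that a ban actually landed.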
Cheers,
--
=------------------------------------------------------------------=
Keep in touch http://www.onerussian.com
Yaroslav Halchenko http://www.ohloh.net/accounts/yarikoptic