[Fail2ban-users] trunck: V0.90 some questions, adiziones, hintos, read please all ; -)

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

hi there

according to my renew on my fail2ban_installations on any servers, I
want to build some new features....

1.
1st feature is build very well: 
dshield.conf 
=========
(from russel in GB)

2.
I'm just now on complain.conf
======================
It seems a very interesting feature. the idea ist (from russel in GB):
# Sends a complaint e-mail to addresses listed in the whois record for
# an offending IP address.                                             

are there any colleague, who succesfully build this in?
my problem is: I can't do so much tests, complain.conf !is! sending
real emails!
and I don't want to have rubish emails, send out from !my! system ;-) .
its so easy to geton a blacklist ;-(

russell wrote in complain.conf:
# You should provide the <logpath> in the jail config - lines from the
# log matching the given IP address will be provided in the complaint
# as
evidence.

how?
===
maybe
on
http://www.thanosk.net/content/securing-plesk-installation-using-fail2ba

n is a correct answer:

[ssh-iptables]
enabled  = true
filter         = sshd
action     = iptables[name=SSH, port=ssh, protocol=tcp]
                   sendmail-whois[name=SSH, dest=th...@th...,
sender=fai...@ma...]
                   complain[logpath=/var/log/secure]
logpath    = /var/log/secure
maxretry = 3
bantime  = 43200
ok, I'll give it a try! ;-)

3. 
there was a typo in last email (sorry)
http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal
for some of us, who have problems, whynot have a look on above citatd
page?! ;-)

4. a small hint, for someone like me, who have more than one server:
look deeply in dshield.local AND jail.local
your emailadress in "sender=fail2ban@beate_uhse.com"
must be different!!! if You have more than one servers... ;-)

5. who is CorvusCorax? Do You listen here????
Corvus has written some interesting thing: in :
http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal
"Bruteforce from Botnets (by CorvusCorax)"
where is this perl-script?
;-)

6. -> Gregg Lain hat wrote a nice checking script:
see more on:
http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal
befor I run this script, I must change:
4-5x /usr/bin into /usr/local/bin   (we have suse_linux)
this is my result:

-----------   fail2ban setup check
------------------------------------------------------------
fail2ban                  0:off   1:off   2:off   3:on    4:off   5:on 
  6:off
Checking for service Fail2ban                                          
                   running    

no more!
-> Gregg:  is it correct?
-> Gregg: what is "apg" ?( I have'nt found in my
linux(suse)-distribution...)

7. ->buanzano-> psad
psad is last affaire on my list. I don't want to used by programs like
nmap...
----> arturo . where is psad?
I will reconstruct it from groupmail: Sat, 01 May 2010 13:26:02 +0000
what is happened with psad?

Yours
klaus