I have been using fail2ban for some months and got many mails about ssh attacks.
Therefore I wrote a script to send an abuse mail to the IP owner, grepping from the RIPE email fail2ban provides on ban.
In the first step the script greps for an abuse email address;
if none is found, it greps for other provider emails.
I used one mailbox for receiving emails and another for reply-to.
The email also sends an output of /var/log/messages concerning the blocked IP.
Could you please check whether you could add this feature in one of the next fail2ban releases?
I am running the script via an hourly cronjob.
The script is attached.
I am using fail2ban
rpm -q fail2ban
installed by rpm on openSUSE 11.0
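
The lookup described in the post above (abuse address first, other provider addresses as a fallback, then the log lines for the banned IP), as an added example that is not the poster's attached script and not fail2ban code. The whois text, log lines, addresses and function names are constructed for illustration, and the sketch only prints the report instead of mailing it.

```shell
#!/bin/sh
# Added example, not the poster's script. All sample data is constructed:
# 192.0.2.0/24 is a documentation range, example.net a reserved domain.
SAMPLE_WHOIS='inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-NET
remarks:        send abuse reports to Abuse@example.net
e-mail:         noc@example.net'

SAMPLE_LOG='Jan 10 03:12:01 host sshd[411]: Failed password for root from 192.0.2.10 port 4022 ssh2
Jan 10 03:12:04 host sshd[415]: Failed password for root from 192.0.2.101 port 4100 ssh2
Jan 10 03:12:09 host sshd[419]: Invalid user admin from 192.0.2.10'

# Print every e-mail address read from stdin: one per line, lowercased, unique.
extract_emails() {
    grep -Eo '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}' \
        | tr 'A-Z' 'a-z' | awk '!seen[$0]++'
}

# Step 1: prefer an address containing "abuse".
# Step 2: otherwise fall back to the first other address in the whois text.
# Prints an empty line when the whois text holds no address at all.
pick_contact() {
    emails=$(printf '%s\n' "$1" | extract_emails)
    abuse=$(printf '%s\n' "$emails" | grep -m1 'abuse' || true)
    if [ -n "$abuse" ]; then
        printf '%s\n' "$abuse"
    else
        printf '%s\n' "$emails" | head -n 1
    fi
}

# Log lines for exactly this IP. Dots are escaped and the match is bounded,
# so 192.0.2.10 does not also pull in lines for 192.0.2.101.
log_evidence() {
    ip_re=$(printf '%s' "$1" | sed 's/\./\\./g')
    printf '%s\n' "$2" | grep -E "(^|[^0-9.])${ip_re}([^0-9.]|\$)" || true
}

# Stand-alone run: show the recipient and the evidence that would be reported.
contact=$(pick_contact "$SAMPLE_WHOIS")
printf 'To: %s\n\n%s\n' "$contact" "$(log_evidence 192.0.2.10 "$SAMPLE_LOG")"
```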