From: Reynold M. <rmc...@su...> - 2008-01-21 00:29:42
Cyril,

Thanks for the reply... in my case I am working with a lot of NAT'ed addresses, so I cannot use the IP address to create a 'blocking' rule. If I were to block the NAT'ed IP address I would be affecting thousands of users, not just the one or two who are being a problem.

If I can get the username from the log, I can use a shell script to disable that particular user login etc. In this particular application, I'd be telling fail2ban to shell out to perl and do a whole host of things to that user's account to disable their access and email the admins of the issue.

I can live with the fact that fail2ban needs an IP address, and don't get me wrong, the product works great and I am using it on many hosts for SSH DDOS etc. What I would need is the ability for it to not only recognize the IP address but also let me know what the user name is, or use both IP and username to figure out when to ban, etc. Then be able to use <user> or something in the shell script line to run the program etc.

- Reynold

Cyril Jaquier wrote:
> Hi Reynold,
>
>> Unfortunately that did not work.
>>
>
> Yes, because fail2ban currently *needs* an IP address.
>
>> Has anyone adapted this software to users instead of ip addresses for
>> nat'ed hosts etc?
>>
>
> I will try to add such a feature. Could you maybe give a use case?
>
>> If the IP we're all looking at happens to be a natted address, that will
>> affect many users, not a single offending machine.
>>
>> Being able to grab the user name and do something with that would be
>> beneficial.
>>
>
> What would you do with the user name?
>
> Thank you.
>
> Cyril
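The use case in this thread, as an added example that is not part of the original message and not fail2ban code: the same failure counting keyed on the IP address flags the whole NAT gateway, while keyed on the username it isolates the single account. The log format, the sample lines and the `offenders` function are constructed for illustration; `maxretry` and `findtime` borrow fail2ban's option names only as parameter names.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format); every client sits behind one NAT address.
SAMPLE_LOG = """\
2008-01-20 21:00:00 login failed user=dave ip=192.0.2.10
2008-01-20 22:00:00 login failed user=dave ip=192.0.2.10
2008-01-20 23:00:01 login failed user=alice ip=192.0.2.10
2008-01-20 23:00:05 login failed user=mallory ip=192.0.2.10
2008-01-20 23:00:20 login ok user=carol ip=192.0.2.10
2008-01-20 23:00:40 login failed user=mallory ip=192.0.2.10
2008-01-20 23:01:10 login failed user=mallory ip=192.0.2.10
2008-01-20 23:01:30 login failed user=eve;x ip=192.0.2.10
2008-01-20 23:02:00 login failed user=mallory ip=192.0.2.10
2008-01-20 23:03:00 login failed user=dave ip=192.0.2.10
"""

# The username comes from the client and would end up on a script's command
# line, so only a conservative character set is accepted; other lines are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) login (?P<result>failed|ok) "
    r"user=(?P<user>[A-Za-z0-9._-]{1,32}) ip=(?P<ip>[0-9a-fA-F.:]+)$"
)

def offenders(log_text, key, maxretry=3, findtime=timedelta(minutes=10)):
    """Return the sorted values of `key` ("user" or "ip") that reach
    `maxretry` failed logins within a sliding `findtime` window."""
    recent = defaultdict(list)   # key value -> failure timestamps still in window
    flagged = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["result"] != "failed":
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = [t for t in recent[m[key]] if ts - t <= findtime] + [ts]
        recent[m[key]] = window
        if len(window) >= maxretry:
            flagged.add(m[key])
    return sorted(flagged)

if __name__ == "__main__":
    print("per-IP ban would hit:  ", offenders(SAMPLE_LOG, "ip"))
    print("per-user ban would hit:", offenders(SAMPLE_LOG, "user"))
```

The line with `user=eve;x` is dropped by the character-set check before it is counted, and `dave` stays unflagged because his three failures are spread over more than the ten-minute window.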