Difference between revisions of "ASSP"
From Fail2ban
Jump to navigationJump to search (Added ASSP filter and jail configuration) |
Daniel.subs (talk | contribs) |
||
| (7 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
== ASSP filter for Fail2ban == | == ASSP filter for Fail2ban == | ||
| − | + | Included since fail2ban-0.8.9 | |
| − | Add this section to your '''/etc/fail2ban/jail. | + | If you have an older version grab a copy of the filter from [https://github.com/fail2ban/fail2ban/blob/master/config/filter.d/assp.conf Latest Version]. Place this in the file '''/etc/fail2ban/filter.d/assp.conf'''. |
| + | |||
| + | |||
| + | Add this section to your '''/etc/fail2ban/jail.local''' file: | ||
[assp] | [assp] | ||
| Line 10: | Line 13: | ||
port = smtp,ssmtp | port = smtp,ssmtp | ||
filter = assp | filter = assp | ||
| + | action = iptables[name=ASSP, port=25, protocol=tcp] | ||
| + | sendmail-whois[name=ASSP, dest=email@domain.com] | ||
logpath = /var/log/assp/maillog.txt | logpath = /var/log/assp/maillog.txt | ||
| − | '''IMPORTANT:''' Symlink | + | '''IMPORTANT:''' Symlink the '''logs''' subdirectory of your ASSP installation as '''/var/log/assp''' or change the '''logpath''' in your jail configuration to point to ASSP's '''maillog.txt''' file. |
Don't forget to '''restart fail2ban'''. | Don't forget to '''restart fail2ban'''. | ||
Check the end of your '''fail2ban.log''' whether fail2ban picked up ASSP's log file. | Check the end of your '''fail2ban.log''' whether fail2ban picked up ASSP's log file. | ||
Latest revision as of 02:09, 15 March 2014
ASSP filter for Fail2ban
Included since fail2ban-0.8.9
If you have an older version grab a copy of the filter from Latest Version. Place this in the file /etc/fail2ban/filter.d/assp.conf.
Add this section to your /etc/fail2ban/jail.local file:
[assp]
enabled = true
port = smtp,ssmtp
filter = assp
action = iptables[name=ASSP, port=25, protocol=tcp]
sendmail-whois[name=ASSP, dest=email@domain.com]
logpath = /var/log/assp/maillog.txt
IMPORTANT: Symlink the logs subdirectory of your ASSP installation as /var/log/assp or change the logpath in your jail configuration to point to ASSP's maillog.txt file.
Don't forget to restart fail2ban.
Check the end of your fail2ban.log whether fail2ban picked up ASSP's log file.
