Saturday, May 20, 2017

ubuntu 12.04 - Run fail2ban without banning



It is possible to run fail2ban in some kind of "simulation mode" so it does not ban but log somewhere who it would have ban?



Running fail2ban on Ubuntu 12.04.


Answer




If you look in jail.conf you'll see a line that says this: 



# Default banning action (e.g. iptables, iptables-new,
# iptables-multiport, shorewall, etc) It is used to define
# action_* variables. Can be overriden globally or per
# section within jail.local file
banaction = iptables-multiport


All the actions are in /etc/action.d/




You could make one that just sends mail.. there are quite a few actions there already that may do what you want.


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...