Salut, am facut eu de ceva vreme ...
in fisierul /etc/fail2ban/jail.conf bagi asta
Code:
[oscam-tcp]
enabled = true
filter = oscam
port = 12200
protocol = tcp
logpath = /var/log/oscam/oscamuser.log
banaction = iptables-allports
findtime = 1800
bantime = 36000
bineinteles schimbi portul si logpath daca difera.
jar in folderul /etc/fail2ban/filter.d creezi un fisier oscam.conf si bagi asta in fisier
Code:
# Fail2Ban configuration file
#
# Author: Bust3D
#
[Definition]
# Option: failregex
# Notes.: regex to match the oscam user failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# After modifying or adding new expressions test with command,
# fail2ban-regex /path/to/your/oscam.log /etc/fail2ban/filter.d/oscam1.conf
# Values: TEXT
#
failregex = (.)*(plain|encrypted) (.)*-client <HOST> rejected \((no such user|unknown user)\)$
(.)*(plain|encrypted) (.)*-client <HOST> rejected \(disabled account\)$
(.)*(plain|encrypted) (.)*-client <HOST> rejected \(invalid access\)$
(.)*duplicate user '(.)*' from <HOST> (.)*$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
Aici am facut sa recunoasca user necunoscut , conturi blocate si utilizatori duplicate.
Sper sa va fie de folos.
Sarbatori fericite :P