W dniu 2013-04-06 13:18, Reindl Harald pisze: > Hi Hi!
> has someone a script which can filter out dictionary attacks > from /var/log/maillog and notify about the source-IPs? > > i know about fail2ban and so on, but i would like to have > a mail with the IP address for two reasons and avoid fail2ban > at all because it does not match in the way we maintain firewalls > > * add the IP to a distributed "iptables-block.sh" and distribute > it to any server with a comment and timestamp > * write a abuse-mail to the ISP > What about ...fail2ban?:) You can define to run any script when fail2ban detects bruteforce. You can pass <ip> as parameter to script. Fail2ban can also send email to proper abuse. Maybe I'm wrong but reading what you wrote about needings it looks fail2ban can do it. Marcin
