Solved with iptables.
Many thanks...
Hello,
Objective:
What I would like to accomplish is:
- To read file1 line by line and search for each word in file2.
- To grab the corresponding IP addresses found in file2.
- To send the related IP addresses to fail2ban (not iptables).
This way, when I want to block any username, I will enter only his username into the filtered.txt file, and then his connection will be terminated when he tries to log in to the system, even when he changes his IP address.
Detail:
I have a txt file under the /var/text folder, and it consists of usernames:
filtered.txt
Code:
mark
angela
dimitriou
anna
michelle
What I need to do is:
1) Search for each username (mark, angela, dimitriou, anna, michelle, etc.) in the syslog file (it is under /var/log) and print it to a file (iplist).
I already created this file with the command below:
Code:
grep -wf /var/test/filtered.txt /var/log/syslog > /var/log/iplist
2) A new fail2ban configuration file will be set. It will read iplist and
I created the conf file below:
iplist.conf under /etc/fail2ban/filter.d/
Code:
[Definition]
failregex = mypc_regex_code Network: user .* login attempt from <HOST>
ignoreregex =
mypc_regex_code: It's as shown in the syslog file.
I also added the lines below to jail.conf, after [ssh], under /etc/fail2ban/:
Code:
[iplist]
enabled = true
port = 34567,34789,35890
filter = iplist
logpath = /var/log/iplist
maxretry = 1
bantime = 10800
I stopped and started fail2ban, but the related IP addresses were not shown in the fail2ban.log file. (I am sure that other fail2ban rules are working.)
Can anybody give advice about how to accomplish this objective?
May I add the related usernames to the deny.hosts file to block the connection?
Thanks in advance
Boris
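
The username-to-address step described in the post, as an added example that is not part of the original thread: it compares each name only against the field after "user" and prints one `fail2ban-client set iplist banip` call per unique address for review. The log line shape is assumed from the post's failregex, only IPv4 is handled, the function names are hypothetical, and the sample log lines are constructed.

```sh
#!/bin/sh
# Added example: map blocked usernames to the addresses they logged in from.
# Assumed line shape: ... Network: user NAME login attempt from IP

# extract_ips USERFILE LOGFILE -> unique IPv4 addresses, one per line
extract_ips() {
    [ -s "$1" ] || return 0        # empty username list: nothing to block
    awk '
        # First file: usernames, one per line (strip CR, skip blank lines).
        NR == FNR { sub(/\r$/, ""); if ($0 != "") users[$0] = 1; next }
        # Log file: test only the field after "user", so a name that shows
        # up elsewhere in the line (for example as a hostname) is ignored.
        {
            for (i = 1; i + 5 <= NF; i++) {
                if ($i != "user" || $(i+2) != "login" ||
                    $(i+3) != "attempt" || $(i+4) != "from") continue
                ip = $(i+5)
                if (($(i+1) in users) && ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !(ip in seen)) {
                    seen[ip] = 1
                    print ip
                }
            }
        }
    ' "$1" "$2"
}

# ban_commands USERFILE LOGFILE -> one command per address, printed for
# review; pipe to sh as root to apply. The jail name is the one in the post.
ban_commands() {
    extract_ips "$1" "$2" | while read -r ip; do
        printf 'fail2ban-client set iplist banip %s\n' "$ip"
    done
}

# Constructed sample data (not real logs); 192.0.2.0/24 is a documentation range.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'mark\nanna\n' > "$dir/filtered.txt"
    cat > "$dir/syslog" <<'EOF'
Jan 10 10:00:01 gw mypc_regex_code Network: user mark login attempt from 192.0.2.10
Jan 10 10:00:05 gw mypc_regex_code Network: user boris login attempt from 192.0.2.20
Jan 10 10:01:00 gw mypc_regex_code Network: user anna login attempt from 192.0.2.30
Jan 10 10:02:00 gw mypc_regex_code Network: user mark login attempt from 192.0.2.10
Jan 10 10:03:00 mark mypc_regex_code Network: user joe login attempt from 192.0.2.40
EOF
    ban_commands "$dir/filtered.txt" "$dir/syslog"
    rm -rf "$dir"
}
demo
```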