Originally Posted by
greengreen
HI, now I'm testing fail2ban and for vsftpd is working but for dropbear not.
I starting dropbear with:
dropbear -E 2> /opt/val/log/dropbear.log and dropbear log is now runing but fai2ban isn't runing witch this log.
my settings fail2ban for ssh is:
jail.conf
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=dropbear, port=ssh, protocol=tcp]
sendmail-whois[name=SSH, dest=mail@blah.com, sender=fail2ban@blah.com]
logpath = /opt/var/log/dropbear.log
maxretry = 3
and i think that failregex in filter.d/sshd.conf is wrong for my log.
How can have to change this failregex??
thanks a lot