Bug#983399: filter for portscans detected by scanlogd

Mike Gabriel Tue, 23 Feb 2021 11:18:39 -0800

Package: fail2ban
Severity: whislist
Tags: patch

Hi,

today I worked on a fail2ban filter rule that is able to filter out log lines from scanlogd. The scanlogd daemon is a port scan detector.


This is my /etc/fail2ban/filter.d/scanlogd.conf file:

```
# Fail2Ban filter for port scans detected by scanlogd

[Definition]

failregex = scanlogd:\ <HOST>\ to\ .*\ ports\ .*

ignoreregex =

# Author: Mike Gabriel <mike.gabr...@das-netzwerkteam.de>
```

Hope, this is helpful.

Mike


--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de

pgpNGgfAHNsmz.pgp
Description: Digitale PGP-Signatur

Bug#983399: filter for portscans detected by scanlogd

Reply via email to