Update README.md

2015-11-23 12:53:50 +01:00
parent 212cad47ca
commit 7ddfd97d33
1 changed files with 17 additions and 24 deletions
--- a/README.md
+++ b/README.md
@@ -8,15 +8,9 @@ To get more power out of fail2ban you can combine it with http://blocklist.de
 ## New jail for fail2ban
 ```
 [ssh-blocklist]
- 
-enabled  = true
-port     = ssh
-filter   = blocklist
-logpath  = /var/log/blocklist.log
-maxretry = 1
-bantime  = 86400
-action   = %(action_)s
+...
 ```
+see [jail.local](jail.local)
 * Monitor ssh port and uses the filter blocklist with the logfile blocklist.log.
 * All found IPs will be blocked after 1 attempt for 1 day.

@@ -26,29 +20,28 @@ action   = %(action_)s
 # Fail2Ban configuration file
 
 [Definition]
- 
-# Option:  failregex
-# Notes.:  regex to match the password failures messages in the logfile. The
-#          host must be matched by a group named "host". The tag "<HOST>" can
-#          be used for standard IP/hostname matching and is only an alias for
-#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
-# Values:  TEXT
-#
-failregex = ^ *: *<HOST>$
- 
-# Option:  ignoreregex
-# Notes.:  regex to ignore. If this regex matches, the line is ignored.
-# Values:  TEXT
-#
-ignoreregex = 
+...
 ```
+see [blocklist.conf](blocklist.conf)

 ## Get the IPs
 ```
-run blocklist.de-update.sh from Terminal
+./blocklist.de-update.sh
 ```
+run [blocklist.de-update.sh](blocklist.de-update.sh) from Terminal

 ## Restart service
 ```
 service fail2ban restart
 ```
+
+## Cron job
+Call the script each hour to fetch the last IP list for SSH
+```
+0 * * * * $PATH_TO_FILE$/blocklist.de-update.sh ssh 3600
+```
+
+## Monitoring
+```
+tail -f /var/log/auth.log /var/log/fail2ban.log
+```