[Samba] samba and fail2ban
jdmls at yahoo.com
Tue Mar 29 03:29:34 MDT 2011
From: Hajo Locke <hajo.locke at gmx.de>
> > to stop bruteforce logins to samba i want to create a fail2ban-rule which
>blocks IPs with to many login-errors.
> > unfortunately used logins and IPs in samba log are scattered to multiple
>lines so i cant find a relation.
> > i use samba for wan and cant reduce to internal IPs.
> > What ist best in my case to get better logs or stop abusing?
> nobody has an idea? is there no possibility to get logs which show which ip is
>doing too much false logins?
Maybe have a script running in the background, parsing samba log file to create
and alternative log file with all related info on the same line for fail2ban...?
More information about the samba