Open windblade89 opened 3 days ago
Hello!
Thank you for sharing! See also "native" Maltrail's funcs: /maltrail.conf:
I tried doing it the other way, but found that this works best for me. Thought I would just share my config. See Maltrail in action below. :-)
I wasn't sure how to add a file, but wanted to share my fail2ban conf file for Maltrail; see below:
[Definition]
# Assumed Maltrail event layout (one event per line):
#   "<timestamp>" <sensor> <src_ip> <src_port> <dst_ip> <dst_port> <proto> <type> <trail> "<info>" "<reference>"
# <HOST> is fail2ban's placeholder for the address to ban; here it is the source IP.
# Dots are escaped so "." only matches a literal dot. Each expression only matches
# events whose trail is an IPv4 address.
failregex = ^.*?\s+<HOST>\s+\d+\s+\d+\.\d+\.\d+\.\d+\s+\d+\s+\w+\s+\w+\s+\d+\.\d+\.\d+\.\d+\s+"known attacker".*$
            ^.*?\s+<HOST>\s+\d+\s+\d+\.\d+\.\d+\.\d+\s+\d+\s+\w+\s+\w+\s+\d+\.\d+\.\d+\.\d+\s+"mass scanner".*$
            ^.*?\s+<HOST>\s+\d+\s+\d+\.\d+\.\d+\.\d+\s+\d+\s+\w+\s+\w+\s+\d+\.\d+\.\d+\.\d+\s+"malware".*$
            ^.*?\s+<HOST>\s+\d+\s+\d+\.\d+\.\d+\.\d+\s+\d+\s+\w+\s+\w+\s+\d+\.\d+\.\d+\.\d+\s+"heuristic".*$
            ^.*?\s+<HOST>\s+\d+\s+\d+\.\d+\.\d+\.\d+\s+\d+\s+\w+\s+\w+\s+\d+\.\d+\.\d+\.\d+\s+"attacker".*$
            ^.*?\s+<HOST>\s+\d+\s+\d+\.\d+\.\d+\.\d+\s+\d+\s+\w+\s+\w+\s+\d+\.\d+\.\d+\.\d+\s+"reputation".*$
            ^.*?\s+<HOST>\s+\d+\s+\d+\.\d+\.\d+\.\d+\s+\d+\s+\w+\s+\w+\s+\d+\.\d+\.\d+\.\d+\s+"potential[^"]* (web scan|directory traversal|injection|remote code|iot-malware download)".*$
            ^.*?\s+<HOST>\s+\d+\s+\d+\.\d+\.\d+\.\d+\s+\d+\s+\w+\s+\w+\s+\d+\.\d+\.\d+\.\d+\s+"spammer".*$
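The following is an added example, not code from the issue, from Maltrail or from fail2ban: it runs the posted failregex lines (with `<HOST>` restored and dots escaped) over a few constructed log lines and prints which source address each one would hand to fail2ban. It assumes the event layout `"<timestamp>" <sensor> <src_ip> <src_port> <dst_ip> <dst_port> <proto> <type> <trail> "<info>" "<reference>"` and expands `<HOST>` with the simple named-group pattern older fail2ban releases used; the sample lines are constructed, not real Maltrail output. It generalises the eight posted lines by building them from one shared prefix plus the quoted info string, and the last two sample lines show the caveat that events with a domain-name trail (DNS) or an unlisted info string are not matched.

```python
import re

# Assumption: the <HOST> expansion used by older fail2ban releases (newer ones add IPv6 handling).
HOST_PATTERN = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)"

# Shared prefix of every posted failregex: anything up to the source address (<HOST>),
# then src_port, dst_ip, dst_port, proto, type and an IPv4-valued trail.
PREFIX = r'^.*?\s+<HOST>\s+\d+\s+\d+\.\d+\.\d+\.\d+\s+\d+\s+\w+\s+\w+\s+\d+\.\d+\.\d+\.\d+\s+'

# The quoted info strings from the posted filter, one failregex each.
INFO_PATTERNS = [
    r'"known attacker"',
    r'"mass scanner"',
    r'"malware"',
    r'"heuristic"',
    r'"attacker"',
    r'"reputation"',
    r'"potential[^"]* (web scan|directory traversal|injection|remote code|iot-malware download)"',
    r'"spammer"',
]

# Constructed sample events (not real Maltrail output) in the assumed layout.
SAMPLE_LOG = """\
"2024-01-10 12:34:56.123456" sensor1 203.0.113.5 44321 192.0.2.10 22 TCP IP 203.0.113.5 "known attacker" "(static)"
"2024-01-10 12:35:01.000001" sensor1 198.51.100.7 55000 192.0.2.10 443 TCP IP 198.51.100.7 "mass scanner" "(static)"
"2024-01-10 12:35:04.000000" sensor1 198.51.100.9 55010 192.0.2.10 80 TCP IP 198.51.100.9 "potential web scan" "(heuristic)"
"2024-01-10 12:35:10.500000" sensor1 192.0.2.20 41000 192.0.2.1 53 UDP DNS evil.example "malware" "(static)"
"2024-01-10 12:35:12.000000" sensor1 192.0.2.21 41001 192.0.2.10 80 TCP IP 192.0.2.10 "suspicious http request" "(heuristic)"
"""


def build_failregex():
    """Return the eight failregex strings as they would appear in the filter file."""
    return [PREFIX + info + r".*$" for info in INFO_PATTERNS]


def compile_filters():
    """Substitute fail2ban's <HOST> group and compile each expression."""
    return [re.compile(p.replace("<HOST>", HOST_PATTERN)) for p in build_failregex()]


def find_offenders(log_text, filters=None):
    """Return the <host> capture of the first failregex matching each log line, in order."""
    filters = filters or compile_filters()
    hits = []
    for line in log_text.splitlines():
        for rx in filters:
            m = rx.match(line)
            if m:
                hits.append(m.group("host"))
                break  # fail2ban also stops at the first matching failregex
    return hits


if __name__ == "__main__":
    for host in find_offenders(SAMPLE_LOG):
        print("would ban:", host)
```

The DNS line carries `"malware"` but its trail is `evil.example`, not an IPv4 address, so none of the posted expressions match it; if DNS-based hits should also be banned, the trail part of the prefix has to be relaxed. To check the real filter against real log output, run `fail2ban-regex <maltrail log file> /etc/fail2ban/filter.d/maltrail.conf` (the filter path is whatever you installed it as).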