Not really an Issue

[windblade89]

I wasn't sure how to add a file but wanted to share my fail2ban conf file for maltrail see below:

[Definition] failregex = ^.?\s+\s+\d+\s+\d+.\d+.\d+.\d+\s+\d+\s+\w+\s+\w+\s+\d+.\d+.\d+.\d+\s+"known attacker".$ ^.?\s+\s+\d+\s+\d+.\d+.\d+.\d+\s+\d+\s+\w+\s+\w+\s+\d+.\d+.\d+.\d+\s+"mass scanner".$ ^.?\s+\s+\d+\s+\d+.\d+.\d+.\d+\s+\d+\s+\w+\s+\w+\s+\d+.\d+.\d+.\d+\s+"malware".$ ^.?\s+\s+\d+\s+\d+.\d+.\d+.\d+\s+\d+\s+\w+\s+\w+\s+\d+.\d+.\d+.\d+\s+"heuristic".$ ^.?\s+\s+\d+\s+\d+.\d+.\d+.\d+\s+\d+\s+\w+\s+\w+\s+\d+.\d+.\d+.\d+\s+"attacker".$ ^.?\s+\s+\d+\s+\d+.\d+.\d+.\d+\s+\d+\s+\w+\s+\w+\s+\d+.\d+.\d+.\d+\s+"reputation".$ ^.?\s+\s+\d+\s+\d+.\d+.\d+.\d+\s+\d+\s+\w+\s+\w+\s+\d+.\d+.\d+.\d+\s+"potential[^"](web scan|directory traversal|injection|remote code|iot-malware download)".$ ^.?\s+\s+\d+\s+\d+.\d+.\d+.\d+\s+\d+\s+\w+\s+\w+\s+\d+.\d+.\d+.\d+\s+"spammer".*$

[MikhailKasimov]

Hello!

Thank you for sharing! See also "native" Maltrail's funcs:

/maltrail.conf:

https://github.com/stamparm/maltrail/wiki/Miscellaneous#1-setting-up-maltrail-as-an-intrusion-prevention-system-ips

[windblade89]

I tried doing it the other way, but found that this works best for me. Thought I would just share my config. See below MalTrail in action. :-)