[TriLUG] fail2ban -> twitter
option8 at option8.com
Wed Apr 28 10:40:14 EDT 2010
i'm using fail2ban to help keep dictionary attacks and brute-force
attempts on my mail server at bay. i've also been logging those IPs
that are blocked on a twitter stream: http://twitter.com/bannedIPs/.
i'm not the only one, either: http://twitter.com/fail2ban
i was using a default action to email the bans to an email to twitter
gateway, but that gateway has since run into some SMTP server issues,
and my mails were piling up in the queue. i found a script that will
tweet using curl:
curl -u twitterusername:password -d status="[MESSAGE]" http://twitter.com/statuses/update.xml
in a new fail2ban action (actions.d/tweet.conf) i've got this:
printf %%b "`curl -u USERNAME:PASSWORD -d status=\"<ip>\" http://twitter.com/statuses/update.xml
`\n\n" >> /var/log/messages
which, i believe, should append the output of the curl command into /
var/log/messages, e.g. a bunch of XML from twitter saying my status
this works if i put this straight on the command line, but nothing
seems to happen when fail2ban actually triggers a ban.
anyone have some insights into making this work?
Option8, LLC - Making Macs happy since 1999.
option8 at option8.com | http://www.option8consulting.com
More information about the TriLUG