[TriLUG] fail2ban -> twitter

Clay Stuckey claystuckey at gmail.com
Wed Apr 28 10:43:14 EDT 2010


What port/service is being attacked?



--
Clay Stuckey - RHCE, LPIC1, CCNA, MCSE
claystuckey at gmail.com
(919) 600-0486 cell
(919) 531-1792 office (till the end of May)


-----Original Message-----
From: trilug-bounces at trilug.org [mailto:trilug-bounces at trilug.org] On Behalf
Of Charles Mangin
Sent: Wednesday, April 28, 2010 10:40 AM
To: Triangle Linux Users Group General Discussion
Subject: [TriLUG] fail2ban -> twitter

hi all.

i'm using fail2ban to help keep dictionary attacks and brute-force  
attempts on my mail server at bay. i've also been logging those IPs  
that are blocked on a twitter stream: http://twitter.com/bannedIPs/.   
i'm not the only one, either:  http://twitter.com/fail2ban

i was using a default action to email the bans to an email to twitter  
gateway, but that gateway has since run into some SMTP server issues,  
and my mails were piling up in the queue. i found a script that will  
tweet using curl:
curl -u twitterusername:password -d status="[MESSAGE]"
http://twitter.com/statuses/update.xml

in a new fail2ban action (actions.d/tweet.conf) i've got this:

printf %%b "`curl -u USERNAME:PASSWORD -d status=\"<ip>\"
http://twitter.com/statuses/update.xml 
`\n\n" >> /var/log/messages

which, i believe, should append the output of the curl command into / 
var/log/messages, e.g. a bunch of XML from twitter saying my status  
was updated.

this works if i put this straight on the command line, but nothing  
seems to happen when fail2ban actually triggers a ban.

anyone have some insights into making this work?




Charles Mangin
Option8, LLC - Making Macs happy since 1999.
option8 at option8.com | http://www.option8consulting.com
mobile: 919.368.7167
skype: option8llc




-- 
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG FAQ          : http://www.trilug.org/wiki/Frequently_Asked_Questions
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5106 bytes
Desc: not available
URL: <http://www.trilug.org/pipermail/trilug/attachments/20100428/db1dde43/attachment.bin>


More information about the TriLUG mailing list