1

I got fail2ban and logwatch running on my server. Each day I have a few IP:s that's been probing my server and also a few "Attempts to use known hacks", as it states in the daily mail.

I would like to block these IP:s using the knowledge of logwatch, since it apparently knows what "known hacks" are. By looking trough the apache access logs I don't quite understand what logwatch refers to.

As I said, fail2ban is installed and uses UFW as block action. Is there somehow possible to block these IP:s that are recognized by logwatch? fail2ban doesn't seem to block them.

Thanks, Daniel

Daniel Holm
  • 630
  • 1
  • 5
  • 15
  • 1
    Hello, Daniel, I haven't used fail2ban nor Logwatch yet and can't provide an answer. But I want to present to your curiosity this topic: [I need rules to drop some malicious Apache connection](https://askubuntu.com/q/922085/566421). Regards, Spas – pa4080 Mar 19 '19 at 19:58

0 Answers0