[TriLUG] fail2ban -> twitter
Charles Mangin
option8 at option8.com
Wed Apr 28 10:40:14 EDT 2010
hi all.
i'm using fail2ban to help keep dictionary attacks and brute-force
attempts on my mail server at bay. i've also been logging those IPs
that are blocked on a twitter stream: http://twitter.com/bannedIPs/.
i'm not the only one, either: http://twitter.com/fail2ban
i was using a default action to email the bans to an email to twitter
gateway, but that gateway has since run into some SMTP server issues,
and my mails were piling up in the queue. i found a script that will
tweet using curl:
curl -u twitterusername:password -d status="[MESSAGE]" http://twitter.com/statuses/update.xml
in a new fail2ban action (actions.d/tweet.conf) i've got this:
printf %%b "`curl -u USERNAME:PASSWORD -d status=\"<ip>\" http://twitter.com/statuses/update.xml
`\n\n" >> /var/log/messages
which, i believe, should append the output of the curl command into /
var/log/messages, e.g. a bunch of XML from twitter saying my status
was updated.
this works if i put this straight on the command line, but nothing
seems to happen when fail2ban actually triggers a ban.
anyone have some insights into making this work?
Charles Mangin
Option8, LLC - Making Macs happy since 1999.
option8 at option8.com | http://www.option8consulting.com
mobile: 919.368.7167
skype: option8llc
More information about the TriLUG
mailing list