Skip to content
Ban IP's after too many connections to a cowrie instance
Branch: master
Clone or download
Pull request Compare This branch is even with RoastingMalware:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
filter.d
jail.d
LICENSE
README.md

README.md

cowrie-fail2ban

Ban IP's after too many connections to a cowrie instance.
In its default config, point the jail to your cowrie.log and it will ban a source IP if it connected more than 40 times in the last 12 hours. The IP will be banned for 12 hours.

Installation

Clone the repo to your machine. if you're only using fail2ban for cowrie, you can just copy / clone the files to /etc/fail2ban/.

Requirements

Fail2ban needs to be installed

You can’t perform that action at this time.