installation
Code:
 apt-get install fail2ban
touch /etc/fail2ban/filter.d/oscam1.conf
put this into file "oscam1.conf"
Code:
 # Fail2Ban configuration file
#
# Author: copyleft
#
# $Revision 1 $
#

[Definition]

# Option:  failregex
# Notes.:  regex to match the oscam user failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P[\w\-.^_]+)
#          After modifying or adding new expressions test with command,
#          fail2ban-regex /path/to/your/oscam.log /etc/fail2ban/filter.d/oscam1.conf
# Values:  TEXT
#
failregex = (.)*(plain|encrypted) (.)*-client  rejected \((no such user|unknown user)\)$
            (.)*(plain|encrypted) (.)*-client  rejected \(disabled account\)$
            (.)*(plain|encrypted) (.)*-client  rejected \(invalid access\)$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =
if for example your oscam port is tcp 12000 and udp 12200, then put this in to "/etc/fail2ban/jail.local"
Code:
 [oscam-tcp]
enabled   = true
filter    = oscam1
port      = 12000
protocol  = tcp
logpath   = /path/to/your/oscam.log
banaction = iptables-multiport
findtime  = 1800
bantime   = 3600

[oscam-udp]
enabled   = true
filter    = oscam1
port      = 12200
protocol  = udp
logpath   = /path/to/your/oscam.log
banaction = iptables-multiport
findtime  = 1800
bantime   = 3600
after changing configuration run
Code:
 service fail2ban restart