ahhh of course, parses the whole syslog each time, didn't think of that, thanks

On 14/06/2010, at 1:01 PM, Lonnie Abelbeck wrote:
> Guy,
>
> Your solution will only work for a minute or two, until the syslog is
> re-examined and re-adds the banned host.
>
> I suppose you could edit the /var/log/messages file and remove the unwanted
> logs containing the valid IP address, but that is a little hackish.
>
> Lonnie
>
>
> On Jun 13, 2010, at 9:49 PM, Guy Neale wrote:
>
>> you could also do this to unban a banned IP
>>
>> ssh or login to your AstLinux
>>
>> type the following command to view banned IP's "iptables -L
>> ADAPTIVE_BAN_CHAIN"
>>
>> Count the line number to the ip address you wish to unban (see example
>> below), eg in my example I want to unban 124.8.0.xxxx, which is on LINE 3
>>
>> "iptables -D ADAPTIVE_BAN_CHAIN 3" deletes line 3 from being banned, If I
>> wanted to unban 120.153.196.yyy (on LINE 4), I'd enter "iptables -D
>> ADAPTIVE_BAN_CHAIN 4"
>>
>>
>> Example
>> Chain ADAPTIVE_BAN_CHAIN (2 references)
>> target                   prot opt source           destination
>> RETURN                   all  --  10.8.0.0/24      anywhere
>> RETURN                   all  --  10.8.1.0/24      anywhere
>> ADAPTIVE_BAN_DROP_CHAIN  all  --  124.8.0.xxx      anywhere
>> ADAPTIVE_BAN_DROP_CHAIN  all  --  120.153.196.yyy  anywhere
>>
>> Guy
>>
>> On 14/06/2010, at 12:22 PM, Lonnie Abelbeck wrote:
>>
>>>
>>> On Jun 13, 2010, at 7:27 PM, d...@ryson.org wrote:
>>>
>>>> Hello all.
>>>>
>>>> I have good news; bad news; and a question...
>>>>
>>>> Here's the good news: Adaptive Ban has proved very effective at killing
>>>> break-in attempts from bad-guys.
>>>>
>>>> The bad news is: One of our off-site users tried to re-install a
>>>> soft-phone on his laptop. The user knew his new host address and username
>>>> but not the secret. Amazingly, the user repeatedly tried to register,
>>>> which resulted in his dynamic IP address quickly being banned.
>>>>
>>>> As you've likely guessed by now, the question is: What's the best
>>>> procedure for un-banning a host? For now, I've just added the IP address
>>>> to ADAPTIVE_BAN_WHITELIST, which seems to work. Is there a better way?
>>>>
>>>> I'd appreciate your thoughts.
>>>>
>>>> Dan
>>>
>>> Adding a valid external user's IP address to the ADAPTIVE_BAN_WHITELIST is
>>> the best approach, as you have done.
>>>
>>> When the AstLinux box is rebooted, the RAM based syslog file will be
>>> cleared and the valid user's dynamic IP will no longer be needed in the
>>> whitelist, but does no harm.
>>>
>>> Lonnie
>>>
>>> _______________________________________________
>>> Astlinux-users mailing list
>>> Astlinux-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>>>
>>> Donations to support AstLinux are graciously accepted via PayPal to
>>> pay...@krisk.org.
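
Added example (not part of the thread and not AstLinux code): a small Python model of the behaviour described above, where every pass re-reads the whole syslog, so a rule removed with "iptables -D" is re-added while a whitelist RETURN rule placed ahead of the bans holds. The log line format, threshold, function names and sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log; the message format and THRESHOLD are assumptions
# for this model, not values taken from AstLinux.
SYSLOG = (
    ["asterisk: Registration from 'sip:100@pbx' failed for '198.51.100.7'"] * 4
    + ["asterisk: Registration from 'sip:200@pbx' failed for '203.0.113.9'"] * 5
    + ["asterisk: Registration from 'sip:300@pbx' failed for '192.0.2.44'"]
)
FAILED = re.compile(r"failed for '(\d{1,3}(?:\.\d{1,3}){3})'")
THRESHOLD = 3


def offenders(log_lines):
    """Count failures over the WHOLE log, as each periodic pass does."""
    hits = Counter(m.group(1) for m in map(FAILED.search, log_lines) if m)
    return sorted(ip for ip, n in hits.items() if n >= THRESHOLD)


def rescan(chain, log_lines, whitelist=()):
    """One pass: whitelist RETURN rules first, then re-add any missing ban."""
    bans = [rule for rule in chain if rule[0] == "DROP"]
    for ip in offenders(log_lines):
        if ("DROP", ip) not in bans:
            bans.append(("DROP", ip))
    return [("RETURN", net) for net in whitelist] + bans


def verdict(chain, ip):
    """First matching rule wins, like walking an iptables chain."""
    for target, source in chain:
        if ipaddress.ip_address(ip) in ipaddress.ip_network(source):
            return target
    return "RETURN"  # fell off the end of the chain: not banned


def delete_rule(chain, line_number):
    """Model of 'iptables -D ADAPTIVE_BAN_CHAIN <n>' (1-based line number)."""
    return chain[: line_number - 1] + chain[line_number:]


if __name__ == "__main__":
    chain = delete_rule(rescan([], SYSLOG), 1)   # manual unban of line 1
    print("after delete:", verdict(chain, "198.51.100.7"))
    chain = rescan(chain, SYSLOG)                # next pass re-reads the log
    print("after rescan:", verdict(chain, "198.51.100.7"))
    chain = rescan(chain, SYSLOG, whitelist=["198.51.100.7"])
    print("whitelisted: ", verdict(chain, "198.51.100.7"))
```

In this model the stale failures stay in the log until it is cleared, which is why the whitelist entry has to remain in place until then.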