I guess I am still not understanding. This is my adaptive-ban.conf:

adaptive_ban_file="var/log/messages"
adaptive_ban_time=120
adaptive_ban_count=1
adaptive_ban_type="sshd asterisk"

I have attempted all of these, one at a time, AIF, aif, IDS, ids, in the ban_type, and the log says:

adaptive-ban: Unsupported type "AIF" (or any of the others)

The fail2ban website is French to me, so I think I need a little more guidance. I see the adaptive ban works with types sshd, asterisk, and httpd, but nothing else? I know very little of scripting, and while trying to understand the adaptive-ban.plugin file on fossies.org just isn't making sense to me.

~Benjamin

On Sat, 2014-03-01 at 21:57 -0600, Lonnie Abelbeck wrote:
> Benjamin,
>
> The ids-protection plugin is not like fail2ban, our adaptive-ban plugin is
> like fail2ban.
>
> The ids-protection plugin uses iptable's "recent" module, google will help
> understand how that works. Only relatively short term ban persistence as I
> understand it.
>
> The adaptive-ban plugin ban persistence is until the next time the firewall
> is restarted, and then it will reapply any bans as per the current
> /var/log/messages log.
>
> Lonnie
>
>
> On Mar 1, 2014, at 9:10 PM, Benjamin Naber wrote:
>
> > Greets all,
> >
> > I am trying to figure out the IDS ban plugin for the firewall.
> >
> > I've been told it was similar to fail2ban, however, I have yet to
> > understand how to define a statement for (whatever program/plugin) to
> > ban an IP for a given length of time when the log on the main page
> > states:
> >
> > AIF:IDS violation: IN=eth1 OUT= MAC=00:e0:c5:6a:7e:c4:00:01:5c:3e:b2:41:08:00 SRC=70.67.206.31 DST=[my IP] LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=27721 DF PROTO=TCP SPT=55260 DPT=38438 WINDOW=8192 RES=0x00 SYN URGP=0
> >
> > for repeat offenders and IDS is supposed to do something, it does not.
> > It simply displays the AIF:IDS violation.
> >
> > In /mnt/kd/blocked-hosts, when I enter either the host IP, or the
> > network/CIDR of the offender, such as in this case, 70.67.206.0/24,
> > I will never see the address in the messages log trying to access my
> > stuff again.
> >
> > How do I have (whatever it is I need) add that IP address to the
> > blocked-hosts file?
> >
> > I am not interested in a temp ban, as I have blocked IPs for a given
> > time, unblocked them, only to find the same IP trying to get into my
> > stuff.
> >
> > Please advise.
> >
> > ~Benjamin
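Added example, not code from the thread or from AstLinux's adaptive-ban plugin: a small POSIX shell helper that does by hand what the thread asks for, counting "AIF:IDS violation" lines per SRC address in /var/log/messages and printing the repeat offenders in the host or /24 form that goes into /mnt/kd/blocked-hosts. The sample log lines, the threshold values and the one-entry-per-line blocked-hosts format are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or AstLinux: summarise repeat
# "AIF:IDS violation" sources so they can be reviewed before being added
# by hand to /mnt/kd/blocked-hosts.

# Constructed sample of /var/log/messages lines in the format quoted in the
# thread; addresses are from documentation ranges, not real offenders.
# The sshd line shows that non-IDS lines are ignored.
SAMPLE_LOG='Mar  1 21:00:01 pbx kernel: AIF:IDS violation: IN=eth1 OUT= MAC=00:00:00:00:00:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=52 PROTO=TCP SPT=55260 DPT=38438 SYN
Mar  1 21:00:05 pbx sshd[1234]: Failed password for root from 203.0.113.9 port 4444 ssh2
Mar  1 21:03:10 pbx kernel: AIF:IDS violation: IN=eth1 OUT= MAC=00:00:00:00:00:00 SRC=198.51.100.77 DST=198.51.100.5 LEN=52 PROTO=TCP SPT=40000 DPT=22 SYN
Mar  1 21:07:44 pbx kernel: AIF:IDS violation: IN=eth1 OUT= MAC=00:00:00:00:00:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=52 PROTO=TCP SPT=55261 DPT=5060 SYN
Mar  1 21:09:02 pbx kernel: AIF:IDS violation: IN=eth1 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.7 DST=198.51.100.5 LEN=52 PROTO=TCP SPT=3333 DPT=23 SYN
Mar  1 21:12:30 pbx kernel: AIF:IDS violation: IN=eth1 OUT= MAC=00:00:00:00:00:00 SRC=198.51.100.77 DST=198.51.100.5 LEN=52 PROTO=TCP SPT=40001 DPT=22 SYN
Mar  1 21:15:00 pbx kernel: AIF:IDS violation: IN=eth1 OUT= MAC=00:00:00:00:00:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=52 PROTO=TCP SPT=55262 DPT=80 SYN'

# ids_offenders THRESHOLD: read log text on stdin and print "SRC COUNT" for
# every source address with at least THRESHOLD IDS violation lines, sorted
# by address string.
ids_offenders() {
  grep 'AIF:IDS violation' \
    | sed -n 's/.*SRC=\([0-9.]*\).*/\1/p' \
    | sort | uniq -c \
    | awk -v t="$1" '$1 >= t { print $2, $1 }'
}

# ban_candidates THRESHOLD [net]: print offenders in the form entered into
# /mnt/kd/blocked-hosts: the host address, or with "net" the enclosing /24
# (as the thread did with 70.67.206.0/24). One entry per line is assumed;
# review the list before appending it to the file.
ban_candidates() {
  ids_offenders "$1" | awk -v mode="$2" '{
    if (mode == "net") { split($1, o, "."); print o[1] "." o[2] "." o[3] ".0/24" }
    else print $1
  }'
}

# Usage: printf '%s\n' "$SAMPLE_LOG" | ban_candidates 2 net
# prints 192.0.2.0/24 and 198.51.100.0/24
```

Run it against the real log with `ban_candidates 2 < /var/log/messages`; it only prints, so nothing is banned until the reviewed lines are added to blocked-hosts and the firewall reloaded.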
_______________________________________________
Astlinux-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to [email protected].
