On Wed, 23 Apr 2014 07:28:06 +0800, Greg Kuhnert wrote: > Hi Will.
> > On 22 Apr 2014, at 3:01 am, Will Nordmeyer, WnA Consulting Services wrote: > > > > On my server, it seems that one mistake entering the admin password (and > > maybe site admin passwords) blocks the offending IP. Since I have a rather > > complex admin password, I'd like to tweak dfix/dfix2 to give me a slightly > > wider allowance. > > > > I've reviewed dfix2.sh but that just has a start/stop process - the start > > process makes sure the iptables lists exist, and sets up a list of trusted > > IPs from the ifconfig & resolv.conf file. > > > > dfix.sh appears to do all the work but I haven't managed to track exactly > > where the limit for bad password is set. > > > > I'd also like to improve the logging so that when it blocks an IP, it gives > > the reason behind it. > > > Initially, have a look at /var/log/sec to see details of a reason for > block. There are rule names like ssh-b1... Let me know which one is hitting > your log file in this situation, and I can tell you how to tweak. > > Note: I am away travelling, but I'll get you a response asap. > > Greg. Greg, Thanks for taking a look - in the case I'm dealing with (one of my users is website admin on about 40% of my server), it is accesslog-b2. I think I'm just not looking at some of the right files. --Will _______________________________________________ Blueonyx mailing list [email protected] http://mail.blueonyx.it/mailman/listinfo/blueonyx
