One thing I'm wondering...

In the filter, you specify where the <HOST> is in the logfile entry. In my
regex below, <HOST> is where the IP address of the remote host is located.

For the action file, where does the <ip> tag originate? Is it something
that is provided in the jails.local file, or is it divined from <HOST> and
supplied by F2B?

I've got the following in 'action.d/solaris-ipf.conf' (using ipfilter.conf
as a template) so far:

actionban = echo block in from <ip> | /usr/sbin/ipf -f -
actionunban = echo block in from <ip> | /usr/sbin/ipf -rf -

--Doug
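
Added example, not part of the original message and not fail2ban's own code: fail2ban fills the action's <ip> tag from the address captured at <HOST> in the filter, and this Python 3 sketch traces that path using the failregex lines and actionban posted in this thread. The <HOST> expansion is a simplified stand-in, the log lines are constructed, and the IP-literal check before substitution is this example's own safeguard.

```python
import ipaddress
import re

# Simplified stand-in (assumption) for the group fail2ban puts in place of <HOST>.
HOST_GROUP = r"(?P<host>[\w.:-]+)"
# failregex lines and actionban as posted in the thread.
FAILREGEX = [
    r"^.*ftpd\[.*\sACCESS DENIED\s.*\[<HOST>\]$",
    r"^.*ftpd\[.*\sFTP LOGIN REFUSED\s.*\[<HOST>\],\s.*$",
]
ACTIONBAN = "echo block in from <ip> | /usr/sbin/ipf -f -"
# Constructed sample lines, not taken from the Solaris box in the thread.
SAMPLE_LOG = [
    "Feb  2 09:41:07 sol10 ftpd[2211]: [ID 1 daemon.notice] FTP LOGIN REFUSED "
    "(username in /etc/ftpusers) FROM host.example [203.0.113.7], root",
    "Feb  2 09:41:30 sol10 ftpd[2215]: [ID 2 daemon.notice] ACCESS DENIED "
    "(not in any class) TO host.example [198.51.100.23]",
    "Feb  2 09:42:02 sol10 ftpd[2219]: [ID 3 daemon.info] FTP LOGIN FROM intranet.example [192.0.2.10], alice",
    "Feb  2 09:42:40 sol10 ftpd[2223]: [ID 2 daemon.notice] ACCESS DENIED (not in any class) TO unresolved [unknown]",
]

def compile_failregex(patterns):
    """Expand <HOST> into a named group, then compile each pattern."""
    return [re.compile(p.replace("<HOST>", HOST_GROUP)) for p in patterns]

def extract_host(line, compiled):
    """Return the <HOST> capture of the first matching failregex, else None."""
    for rx in compiled:
        m = rx.search(line)
        if m:
            return m.group("host")
    return None

def render_ban(host):
    """Fill <ip> only when the capture parses as a literal IP address."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # hostnames and junk never reach the shell command
    return ACTIONBAN.replace("<ip>", str(ip))

def ban_commands(lines):
    compiled = compile_failregex(FAILREGEX)
    hosts = [extract_host(line, compiled) for line in lines]
    return [cmd for cmd in map(render_ban, filter(None, hosts)) if cmd]

if __name__ == "__main__":
    print("\n".join(ban_commands(SAMPLE_LOG)))
```
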
On Tue, Feb 2, 2016 at 9:52 AM, Eckert, Doug <[email protected]>
wrote:
> Thanks for all the replies.
>
> This is an inherited box that we need to keep status-quo for now. I'd just
> like to eliminate the obvious external alphabetic/dictionary logon attempts.
>
> It's got Python 2.4.4, so I dropped down to F2B v0.8.11 and created my own
> filter file (/etc/fail2ban/filter.d/solaris-ftp.conf), which contains
>
> failregex = ^.*ftpd\[.*\sACCESS DENIED\s.*\[<HOST>\]$
>             ^.*ftpd\[.*\sFTP LOGIN REFUSED\s.*\[<HOST>\],\s.*$
>
> 'fail2ban-regex' picks up the appropriate log entries. I guess the next
> step is to come up with an action.d/solaris-ipf.conf. Looks like the
> existing 'ipfilter.conf' may be a good place to start. Path and command
> syntax may be the only changes needed.
>
> --Doug
>
> On Mon, Feb 1, 2016 at 10:04 PM, Gary R. Schmidt <[email protected]>
> wrote:
>
>> > Has anyone got Fail2Ban (0.9.3) working for FTP on Solaris 10?
>> >
>> > I believe the 'default' ftp was made to look like wu-ftpd, but it
>> > runs as an (inet) service, not a daemon. I see a wuftpd.conf file in
>> > filter.d - perhaps one could be built using that as a template?
>> >
>> > I'm thinking myself in circles...pretty sure it's easier than I'm
>> > making it out to be.
>>
>> The in.ftpd on Solaris is managed by svcadm et al, and yes, it was based
>> on an ancient version of WU-FTPD.
>>
>> If I was exposing an FTP server to the world, I would remove that one
>> and install proftpd from OpenCSW, or license ncftpd, or just about
>> anything else.
>>
>> Cheers,
>> Gary B-)
>>
>>
>> _______________________________________________
>> Fail2ban-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>>