Re: fail2ban vs. syslogd compression

2007-08-30 Thread Jack T Mudge III
On Wednesday 29 August 2007 03:56, G.W. Haywood wrote:
> Most offenders
> are blocked permanently, at the last count we're blocking about 27,750
> ranges.  Our scripts could handle the 'repeat' messages if they needed
> to, but they don't.  The script kiddies don't get five tries, we block
> them after the first. :)

Forgive me, but as I understand IP and the whole DHCP concept and whatnot, IP 
addresses ARE reused after some time. I rarely have the same internet address 
for more than a month -- and if I randomly ended up with one of your blocked 
addresses, wouldn't I be an innocent victim?

Given the dynamic nature of the internet in general, doesn't it make more 
sense to block for, maybe 2 months, tops?

This isn't meant to downcast your job or anything, I'd just like to know the 
reasoning behind permanent versus temporary blocks (I use temporary, and it's 
always done well for me).

fail2ban blocks for 10 minutes; 10 minutes has thus far been enough to stop 
all but the most determined script kiddies, who are then blocked again (and 
again until they stop). Even using a 450 MHz Pentium II for my 
router/firewall, it's not even a noticeable load on the system.

-- 
Sincerely,
Jack
[EMAIL PROTECTED]

My GPG Public Key can be found at:
https://www.theanythingbox.com/pgp.htm (top link is current)
I appreciate signatures, but if you only know me online,
please use the --lsign-key, not the --sign-key.
I appreciate trust -- but too much makes it less valuable.




Re: fail2ban vs. syslogd compression

2007-08-30 Thread Maxim Kammerer

OK, thanks to everybody for the advice. I am no step closer to a solution
however. I see different routes:

1) Clarify if it is really true that the message "last message repeated \d+
times" does not always refer to the last message, as suggested in one post.
I thought that syslogd's raison d'etre was exactly to provide a unified
tracking system for log messages, so it really should know where its
messages came from and should take great pains in keeping its output sound.
Otherwise, that would be a serious bug, wouldn't it? If the messages are
reliable, which I tend to assume, then the obvious patch to fail2ban should
work. Unfortunately I can't read Greek, so I don't know if more detailed
problems are mentioned in the referred-to post from the Greek LUG.

2) The other idea is to keep separate temporary logs, with
anti-syslog-compression. It really raises the effort needed to maintain the
system (thus makes it likely to break). 

When I find some time, I'll get in touch with the fail2ban-developers. I am
back on the list once I hear something useful.

Thanks again.

Maxim




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
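
The "last message repeated N times" handling discussed in the message above, as an added example (not part of the thread and not fail2ban's own code). It assumes a repeat line refers to the immediately preceding non-repeat line from the same host in the same file, which the thread leaves open; repeat lines with no such antecedent are reported instead of counted. The log lines, names and regexes are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in classic syslogd format (not taken from the thread).
SAMPLE_LOG = """\
Aug 30 10:00:01 gw sshd[411]: Failed password for root from 192.0.2.10 port 4022 ssh2
Aug 30 10:00:07 gw last message repeated 3 times
Aug 30 10:00:09 gw sshd[411]: Failed password for invalid user test from 198.51.100.7 port 5111 ssh2
Aug 30 10:00:10 gw cron[97]: (root) CMD (run-parts /etc/cron.hourly)
Aug 30 10:00:40 gw last message repeated 2 times
Aug 30 10:01:02 mail last message repeated 4 times
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) (.*)$")   # timestamp, host, body
REPEAT = re.compile(r"^last message repeated (\d+) times?$")
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+)")


def count_failures(log_text):
    """Return (failures per source IP, repeat lines that could not be attributed)."""
    prev = None            # (host, body) of the most recent non-repeat line
    failures = Counter()
    unresolved = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        host, body = m.group(2), m.group(3)
        rep = REPEAT.match(body)
        if rep is None:
            prev, times = (host, body), 1
        elif prev is not None and prev[0] == host:
            # Assumption: the repeat line stands for N more copies of prev.
            body, times = prev[1], int(rep.group(1))
        else:
            # No antecedent (e.g. right after log rotation) or a different host.
            unresolved.append(raw)
            continue
        hit = FAILED.search(body)
        if hit:
            failures[hit.group(1)] += times
    return failures, unresolved


if __name__ == "__main__":
    counts, skipped = count_failures(SAMPLE_LOG)
    print(dict(counts), skipped)
```
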



Re: missing security updates for powerpc

2007-08-30 Thread Gerfried Fuchs
Hi!

 For your information:
gpg: Signature made Don 30 Aug 2007 05:14:42 CEST using DSA key ID E68C0092
gpg: BAD signature from "Simon Valiquette (Gulus) <[EMAIL PROTECTED]>"

On Wed, Aug 29, 2007 at 11:15:38PM -0400, Simon Valiquette wrote:
> On security.debian.org, there is no security update available for
> dovecot-common, postfix-policyd and rsync.

 I see that postfix-policyd is missing but I can't agree for dovecot and
rsync.  Seems to be a quite recent upload for dovecot at least because
when I first read your mail and looked I did see the missing dovecot.

 I am willing to prepare a postfix-policyd stable rebuild, if it isn't
appearing on the security server within the next few hours.

> I would like to know who is responsible for the powerpc security
> build, and makes sure he/she knows about the problem (and ideally
> heard a bit about what happened).

 That's rather something you'll have to ask the DSA and/or security team
and not on a porter's list. :)

> For those that don't want to wait for the upgrade, here the
> simple procedure:
> 
> sudo apt-get -Vu build-dep rsync
> sudo apt-get -Vu source --compile rsync
> dpkg -i rsync_2.6.9-2etch1_powerpc.deb

 Building on your host system might give you a bit more of worries at
times, especially if you have installed backports or unofficial
packages.  I suggest to build in a clean chroot, like with cowbuilder
(cowdancer package) or pbuilder.

 So long,
Rhonda

