Re: How we handle attacks?

2013-10-03 Thread Jhoanir Torres
It is highly recommended to use 'Fail2Ban' in victim servers.

--
Jhoanir Torres
On Oct 3, 2013 7:20 AM, Miroslav Suchý msu...@redhat.com wrote:

> I see in log file of copr-fe-dev a lot of attempts to login as
> root/postgres/nagios/oracle/test user. Well it is ~4000 attempts. So it
> depends on your definition of 'a lot'. But it caught my attention.
>
> Do we have some standard procedure how to handle it? Add those IPs to
> blacklist? Move ssh port to non standard number? Or should I just ignore
> them?
> --
> Miroslav Suchy, RHCE, RHCDS
> Red Hat, Software Engineer, #brno, #devexp, #fedora-buildsys
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

Re: How we handle attacks?

2013-10-03 Thread Miroslav Suchý

On 10/03/2013 02:55 PM, Jhoanir Torres wrote:
> It is highly recommended to use 'Fail2Ban' in victim servers.

And do we already use it? Because git grep in ansible.git returns zero to me.

--
Miroslav Suchy, RHCE, RHCDS
Red Hat, Software Engineer, #brno, #devexp, #fedora-buildsys

Re: How we handle attacks?

2013-10-03 Thread Kevin Fenzi
On Thu, 3 Oct 2013 07:40:10 -0700
Toshio Kuratomi a.bad...@gmail.com wrote:

> On Thu, Oct 03, 2013 at 03:10:13PM +0200, Miroslav Suchý wrote:
> > On 10/03/2013 02:55 PM, Jhoanir Torres wrote:
> > > It is highly recommended to use 'Fail2Ban' in victim servers.
> >
> > And do we already use it? Because git grep in ansible.git returns
> > zero to me.
> >
> We use denyhosts which serves a similar purpose but bans ips in a
> different way.

Yeah, we use denyhosts. 

We might want to look at all the options in this space again at some
point however. I think denyhosts isn't maintained much upstream anymore
and thus is not porting to journald, so with newer releases it's likely
to stop working. ;( 

kevin



Re: How we handle attacks?

2013-10-03 Thread Matthew Miller
On Thu, Oct 03, 2013 at 09:29:36AM -0600, Kevin Fenzi wrote:
> We might want to look at all the options in this space again at some
> point however. I think denyhosts isn't maintained much upstream anymore
> and thus is not porting to journald, so with newer releases it's likely
> to stop working. ;(

FWIW fail2ban _is_ porting to journald.


-- 
Matthew Miller  ☁☁☁  Fedora Cloud Architect  ☁☁☁  mat...@fedoraproject.org

reminder: I'll be out tomorrow and next week

2013-10-03 Thread Kevin Fenzi
Just a reminder that I am heading out on vacation tomorrow and will be
out all next week. ;) 

If you need me for something urgent, please catch me today.

If you need something while I am gone, please file a ticket or direct
your issue to someone else to take care of. ;) 

kevin



Re: How we handle attacks?

2013-10-03 Thread Tristan Santore

On 03/10/13 16:34, Matthew Miller wrote:
> On Thu, Oct 03, 2013 at 09:29:36AM -0600, Kevin Fenzi wrote:
> > We might want to look at all the options in this space again at some
> > point however. I think denyhosts isn't maintained much upstream anymore
> > and thus is not porting to journald, so with newer releases it's likely
> > to stop working. ;(
>
> FWIW fail2ban _is_ porting to journald.

But fail2ban still does not support IPv6, which is mildly irritating.
Further, they seem to be dragging their feet about the issue, even though
a few people have tried making patches for it. I believe it has
something to do with the way it is implemented, which would require a
partial rewrite ideally. Also there has been a debate on setting
different IPv6 subnet bans, which is partially where the hold-up rests.


I hope the issue gets resolved soon.

Regards,

Tristan

--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
tristan.sant...@internexusconnect.net

Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)

For Fedora related issues, please email me at:
tsant...@fedoraproject.org
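An added example, not part of any message in this thread and not fail2ban or denyhosts code: a small sketch of the log-based banning idea discussed above, counting failed sshd logins per source and grouping IPv6 sources by prefix, which is the point of the subnet-ban debate Tristan mentions. The log lines are constructed; the OpenSSH "Failed password" line layout, the threshold of 3 and the /64 grouping are assumptions, and `ban_key` and `find_offenders` are hypothetical names.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample sshd log lines (documentation address ranges only).
SAMPLE_LOG = """\
Oct  3 07:01:02 host sshd[1201]: Failed password for root from 192.0.2.10 port 40001 ssh2
Oct  3 07:01:05 host sshd[1202]: Failed password for invalid user postgres from 192.0.2.10 port 40002 ssh2
Oct  3 07:01:09 host sshd[1203]: Failed password for invalid user nagios from 192.0.2.10 port 40003 ssh2
Oct  3 07:02:11 host sshd[1210]: Failed password for root from 2001:db8:0:1::a port 50001 ssh2
Oct  3 07:02:12 host sshd[1211]: Failed password for invalid user oracle from 2001:db8:0:1::b port 50002 ssh2
Oct  3 07:02:13 host sshd[1212]: Failed password for invalid user test from 2001:db8:0:1:ffff::c port 50003 ssh2
Oct  3 07:03:00 host sshd[1220]: Accepted publickey for admin from 198.51.100.7 port 51000 ssh2
Oct  3 07:03:30 host sshd[1221]: Failed password for root from 198.51.100.7 port 51001 ssh2
Oct  3 07:04:00 host sshd[1230]: Failed password for root from not-an-address port 1 ssh2
"""

# Assumed line layout: "... sshd[pid]: Failed password for [invalid user ]NAME from ADDR port N"
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def ban_key(source, v6_prefix=64):
    """Network to count failures against: the single host for IPv4,
    the enclosing /v6_prefix network for IPv6."""
    addr = ipaddress.ip_address(source)  # raises ValueError on junk
    prefix = 32 if addr.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def find_offenders(log_text, threshold=3, v6_prefix=64):
    """Map each network with >= threshold failures to the usernames tried."""
    counts = Counter()
    users = {}
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if not match:
            continue  # successful logins and unrelated lines
        user, source = match.groups()
        try:
            key = ban_key(source, v6_prefix)
        except ValueError:
            continue  # malformed source field: skip, do not crash
        counts[key] += 1
        users.setdefault(key, set()).add(user)
    return {str(k): sorted(users[k]) for k, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for network, names in find_offenders(SAMPLE_LOG).items():
        print(network, names)
```

With `v6_prefix=128` the three IPv6 sources in the sample are counted separately and none reaches the threshold, which is why the choice of prefix length matters for IPv6 bans.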

Summary/Minutes from today's Fedora Infrastructure meeting (2013-10-03)

2013-10-03 Thread Kevin Fenzi

#fedora-meeting: Infrastructure (2013-10-03)



Meeting started by nirik at 19:00:00 UTC. The full logs are available at
http://meetbot.fedoraproject.org/fedora-meeting/2013-10-03/infrastructure.2013-10-03-19.00.log.html
.



Meeting summary
---
* welcome to all and to all a welcome  (nirik, 19:00:01)

* New folks introductions and Apprentice tasks  (nirik, 19:02:13)

* Applications status / discussion  (nirik, 19:07:43)
  * https://apps.fedoraproject.org/nuancier/ was deployed  (nirik,
    19:08:21)

* Sysadmin status / discussion  (nirik, 19:16:37)

* Upcoming Tasks/Items  (nirik, 19:25:03)
  * LINK: https://apps.fedoraproject.org/calendar/list/infrastructure/
    (nirik, 19:25:03)

* Open Floor  (nirik, 19:26:31)
  * LINK: https://fedorahosted.org/fedora-infrastructure/ticket/4020 and
    https://fedorahosted.org/fedora-infrastructure/ticket/3985 in
    particular. Are those still needing things? or done?  (nirik,
    19:32:17)

Meeting ended at 19:40:33 UTC.




Action Items






Action Items, by person
---
* **UNASSIGNED**
  * (none)




People Present (lines said)
---
* nirik (88)
* croberts (26)
* smooge (14)
* oddshocks (7)
* abadger1999 (5)
* mirek (5)
* zodbot (4)
* adimania (2)
* handsome_pirate (2)
* robyduck (1)
* ausmarton (1)
* kushalkhandelwal (1)
* relrod (1)
* dgilmore (1)
* puiterwijk (0)
* lmacken (0)
* threebean (0)
* mdomsch (0)
* pingou (0)
--
19:00:00 nirik #startmeeting Infrastructure (2013-10-03)
19:00:01 zodbot Meeting started Thu Oct  3 19:00:00 2013 UTC.  The chair is 
nirik. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:00:01 zodbot Useful Commands: #action #agreed #halp #info #idea #link 
#topic.
19:00:01 nirik #meetingname infrastructure
19:00:01 nirik #topic welcome to all and to all a welcome
19:00:01 nirik #chair smooge relrod nirik abadger1999 lmacken dgilmore 
mdomsch threebean pingou puiterwijk
19:00:01 zodbot The meeting name has been set to 'infrastructure'
19:00:01 zodbot Current chairs: abadger1999 dgilmore lmacken mdomsch nirik 
pingou puiterwijk relrod smooge threebean
19:00:08 abadger1999 hola
19:00:15 adimania Hi
19:00:31 kushalkhandelwal Hey
19:00:41 croberts hi
19:00:51 dgilmore hola, I will be in and out, I have a parent teacher meeting 
in 30 mins
19:00:58 * mirek is here
19:01:26 * relrod here
19:01:55 * robyduck in
19:02:05 nirik welcome everyone.
19:02:13 nirik #topic New folks introductions and Apprentice tasks
19:02:21 nirik any new folks want to introduce themselves?
19:02:27 nirik or apprentices with questions or comments?
19:02:57 croberts only thing i had i asked you in the noc channel
19:02:57 * ausmarton is here
19:03:08 croberts was worried about getting the email turned in time :)
19:03:19 croberts on*
19:03:44 nirik no worries. Yeah, for any apprentices that got my october 
status email, do get a reply to me before about the 14th. ;)
19:03:59 mirek I have a question - if I want to learn how to deploy some app as 
ordinary application, where should I start? Is there some docs? Or what app is 
good example? Are those setup stored in ansible.git as well?
19:04:00 nirik That's when I will prune out inactive folks (after I get back)
19:04:19 mirek I tried to look on how is setup fpaste, but could not find it
19:04:28 nirik mirek: good question. ;) I don't know that we have much in the 
way of generic docs...
19:04:35 nirik much of our setup is still in puppet.
19:04:48 croberts nirik: i do have a question but i will for open floor
19:04:54 nirik a good one to look at in ansible might be nuancier ?
19:05:02 nirik we just deployed that one, so it's mostly in ansible.
19:05:08 croberts its about the magazine
19:05:25 nirik however, since our proxies are still in puppet, the proxy 
config for it is still in puppet as well...
19:05:33 nirik croberts: ok.
19:06:07 nirik mirek: does that help any?
19:06:15 mirek ok, I will check nuancier, thx
19:06:45 nirik mirek: the puppet repo is also on lockbox... 'git clone 
/git/puppet'
19:07:06 nirik cool.
19:07:29 nirik any other intros or general questions? if not, moving on...
19:07:43 nirik #topic Applications status / discussion
19:07:51 nirik any application news or plans or discussion?
19:07:56 mirek status of copr - still no disk space, still no hosting. the 
contacts are unresponsive (although I'm asking every day).  I would like to go 
way: deploy -fe and -be as ordinary application, leave just builders in cloud. 
and try to merge disk spaces from cloud nodes and export it to backend. If this 
setup will be problematic (due to network setup) we can keep backup in cloud as 
well, which should be little bit easier.
19:08:21 nirik #info https://apps.fedoraproject.org/nuancier/ was deployed
19:08:59 nirik mirek: I dropped the ball there, was going to ping my cloud 
contact, but forgot. I can do so after the meeting.
19:11:08 * nirik gets a