Re: [Samba] samba and fail2ban
Hello, to stop bruteforce logins to samba i want to create a fail2ban-rule which blocks IPs with to many login-errors. unfortunately used logins and IPs in samba log are scattered to multiple lines so i cant find a relation. i use samba for wan and cant reduce to internal IPs. What ist best in my case to get better logs or stop abusing? nobody has an idea? is there no possibility to get logs which show which ip is doing too much false logins? Thanks, Hajo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba and fail2ban
From: Hajo Locke hajo.lo...@gmx.de to stop bruteforce logins to samba i want to create a fail2ban-rule which blocks IPs with to many login-errors. unfortunately used logins and IPs in samba log are scattered to multiple lines so i cant find a relation. i use samba for wan and cant reduce to internal IPs. What ist best in my case to get better logs or stop abusing? nobody has an idea? is there no possibility to get logs which show which ip is doing too much false logins? Maybe have a script running in the background, parsing samba log file to create and alternative log file with all related info on the same line for fail2ban...? JD -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba and fail2ban
Hello, Maybe have a script running in the background, parsing samba log file to create and alternative log file with all related info on the same line for fail2ban...? but problem will still be the same. How to find lines which belonging together? may be in log we have connect from 3 IPs a, b, c and following 1 successful login and 2 false. which ip belongs to the false logins? Every other server i know sends this important messages in one line. Thanks, Hajo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba and fail2ban
On 29 March 2011 12:13, Hajo Locke hajo.lo...@gmx.de wrote: Hello, Maybe have a script running in the background, parsing samba log file to create and alternative log file with all related info on the same line for fail2ban...? but problem will still be the same. How to find lines which belonging together? may be in log we have connect from 3 IPs a, b, c and following 1 successful login and 2 false. which ip belongs to the false logins? Every other server i know sends this important messages in one line. Maybe you can use the full_audit module. e.g. here's an article about it: http://a32.me/2009/10/samba-audit-trail/ -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba and fail2ban
Hello, to stop bruteforce logins to samba i want to create a fail2ban-rule which blocks IPs with to many login-errors. unfortunately used logins and IPs in samba log are scattered to multiple lines so i cant find a relation. i use samba for wan and cant reduce to internal IPs. What ist best in my case to get better logs or stop abusing? Thanks, Hajo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba