On 1/6/21 2:57 AM, Gary Stainburn wrote:
2020-12-22 19:38:27,619 fail2ban.utils [1836]: ERROR
7f119e95f7f0 -- exec: ports="0:65535"; for p in $(echo $ports | tr ",
" " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source
address='113.110.47.81' port port='$p' protocol='tcp' r
Hi everyone,
I've got fail2ban and firewalld set up on a C7 box, in theory protecting
dovecot, exim and ssh but I'm not convinced it's doing anything.
in /var/log/fail2ban.log I'm getting loads of entries such as:
2020-12-22 19:08:08,100 fail2ban.actions [1836]: WARNING
[dovecot] 78.1
On 4/9/20 6:31 AM, Andreas Haumer wrote:
...
I'm neither a fail2ban nor a SELinux expert, but it seems the
standard fail2ban SELinux policy as provided by CentOS 7 is not
sufficient anymore and the recent updates did not correctly
update the required SELinux policies.
I could report this as bug,
Hi!
Am 09.04.20 um 10:07 schrieb Rob Kampen:
[...]
> I too had fail2ban fail after an otherwise successful yum update. Mine
> occurred in Feb when my versions of firewalld etc were updated to the
> versions you show. Thus far I have not had the opportunity to sort the
> problem. Lockdown has be
On 9/04/20 7:48 pm, Andreas Haumer wrote:
Hi!
I have a server running CentOS 7.7 (1908) with all current patches installed.
I think this server should be a quite standard installation with no specialities
On this server I have fail2ban with an apache and openvpn configuration.
I'm using firewal
Hi!
I have a server running CentOS 7.7 (1908) with all current patches installed.
I think this server should be a quite standard installation with no specialities
On this server I have fail2ban with an apache and openvpn configuration.
I'm using firewalld to manage the firewall rules.
Fail2an is
On Tuesday 07 April 2020 10:09:07 Marius ROMAN wrote:
> "ipset v7.1: Syntax error: '360' is out of range 0-2147483"
> This is the problem. You could try to reduce the 'ban' time (for whatever
> rules you have for dovecot) so that it would be in that interval and restart
> fail2ban service.
>
Am 07.04.2020 um 10:54 schrieb Gary Stainburn:
2020-04-07 09:42:06,981 fail2ban.utils [16138]: ERROR 7ff736d6f930
-- exec: ipset create f2b-dovecot hash:ip timeout 360
[ ... ]
2020-04-07 09:42:06,982 fail2ban.utils [16138]: ERROR 7ff736d6f930 -- stderr:
"ipset v7.1:
On 4/7/20 11:54 AM, Gary Stainburn wrote:
I have fail2ban on my mail server monitoring Dovecot and Exim.
I have noticed that it has stopped banning IP's. I have seen in
/var/log/fail2ban.log:
2020-04-07 09:42:05,875 fail2ban.filter [16138]: INFO[dovecot]
Found 77.40.61.224 - 2020
I have fail2ban on my mail server monitoring Dovecot and Exim.
I have noticed that it has stopped banning IP's. I have seen in
/var/log/fail2ban.log:
2020-04-07 09:42:05,875 fail2ban.filter [16138]: INFO[dovecot]
Found 77.40.61.224 - 2020-04-07 09:42:05
2020-04-07 09:42:06,408 fail
On Sat, 19 Dec 2015, Günther J. Niederwimmer wrote:
Hello,
I have a big problem with fail2ban and firewalld on my new system.
I have a server running (CentOS 7.1) and run a Update to 7.2 on this system
all is working ?
BUT I install a new system with CentOS 7 1511 on this systems fail2ban don
Hello,
Am Saturday 19 December 2015, 09:37:14 schrieb Tony Mountifield:
> In article <1612557.81lQ3GSSy2@techz>,
>
> Günther J. Niederwimmer wrote:
> > Hello,
> >
> > I have a big problem with fail2ban and firewalld on my new system.
> >
> > I have a server running (CentOS 7.1) and run a Update
In article <1612557.81lQ3GSSy2@techz>,
Günther J. Niederwimmer wrote:
> Hello,
>
> I have a big problem with fail2ban and firewalld on my new system.
>
> I have a server running (CentOS 7.1) and run a Update to 7.2 on this system
> all is working ?
>
> BUT I install a new system with CentOS 7
Hello,
I have a big problem with fail2ban and firewalld on my new system.
I have a server running (CentOS 7.1) and run a Update to 7.2 on this system
all is working ?
BUT I install a new system with CentOS 7 1511 on this systems fail2ban don't
work anymore. I have this error or more, in the f
> On 30 Mar 2015, at 13:35, John Horne wrote:
>
> On Tue, 2015-03-10 at 14:43 +0100, Andrea Dell'Amico wrote:
>>
>> #= logrotate_t ==
>> allow logrotate_t fail2ban_client_exec_t:file { ioctl read execute
>> execute_no_trans open };
>>
> Looks like this was already fixed
On Tue, 2015-03-10 at 14:43 +0100, Andrea Dell'Amico wrote:
>
> #= logrotate_t ==
> allow logrotate_t fail2ban_client_exec_t:file { ioctl read execute
> execute_no_trans open };
>
Looks like this was already fixed in 'selinux-policy'. See
https://bugzilla.redhat.com/show_bug
> On 10 Mar 2015, at 14:30, James B. Byrne wrote:
>
>
> On Mon, March 9, 2015 13:11, John Plemons wrote:
>> Been working on fail2ban, and trying to make it work with plain Jane
>> install of Centos 7
>>
>> Machine is a HP running 2 Quad core Xeons, 16 gig or ram and 1 plus TB
>> of disk space.
On Mon, March 9, 2015 13:11, John Plemons wrote:
> Been working on fail2ban, and trying to make it work with plain Jane
> install of Centos 7
>
> Machine is a HP running 2 Quad core Xeons, 16 gig or ram and 1 plus TB
> of disk space. Very generic and vanilla.
>
> Current available epel repo versio
On Mon, 9 Mar 2015, John Plemons wrote:
Been working on fail2ban, and trying to make it work with plain Jane
install of Centos 7
Current available epel repo version is fail2ban-0.9.1
Looking at the log file, fail2ban starts and stops fine, there isn't output
though showing any login attempts
Been working on fail2ban, and trying to make it work with plain Jane
install of Centos 7
Machine is a HP running 2 Quad core Xeons, 16 gig or ram and 1 plus TB
of disk space. Very generic and vanilla.
Current available epel repo version is fail2ban-0.9.1
Looking at the log file, fail2ban sta
On Fri, December 26, 2014 12:59, Mike Burger wrote:
> On 2014-12-26 12:39 pm, Robert G. (Doc) Savage wrote:
>> I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's
>> alerts sent to root's mail to be rejected. Here's a clip from one of
>> the
>> error messages:
>>
>>
>> Mess
I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's
alerts sent to root's mail to be rejected. Here's a clip from one of
the
error messages:
Message 48:
From mailer-dae...@lion.protogeek.org Sun Dec 21 03:09:20
2014
Return-Path:
Date: Sun, 21 D
-Original Message-
From: Александр Кириллов
Reply-to: CentOS mailing list
To: CentOS mailing list
Subject: Re: [CentOS] Fail2ban mail failures ???
Date: Fri, 26 Dec 2014 21:30:39 +0300
Robert G. (Doc) Savage писал 2014-12-26 20:39:
> I'm using fail2ban with CentOS 6.6. Some
Robert G. (Doc) Savage писал 2014-12-26 20:39:
I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's
alerts sent to root's mail to be rejected. Here's a clip from one of
the
error messages:
Message 48:
From mailer-dae...@lion.protogeek.org Sun Dec 21 03:09:20 20
On 2014-12-26 12:59 pm, Mike Burger wrote:
On 2014-12-26 12:39 pm, Robert G. (Doc) Savage wrote:
I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's
alerts sent to root's mail to be rejected. Here's a clip from one of
the
error messages:
Message 48:
From maile
On 2014-12-26 12:39 pm, Robert G. (Doc) Savage wrote:
I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's
alerts sent to root's mail to be rejected. Here's a clip from one of
the
error messages:
Message 48:
From mailer-dae...@lion.protogeek.org Sun Dec 21 03:0
I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's
alerts sent to root's mail to be rejected. Here's a clip from one of the
error messages:
Message 48:
From mailer-dae...@lion.protogeek.org Sun Dec 21 03:09:20 2014
Return-Path:
Date: Sun, 21 Dec
On Tue, Jul 15, 2014 at 09:32:48AM -0400, John Plemons wrote:
> Has anyone installed Fail2Ban on Centos 7 yet? It isn't found in the
> EPEL repo. Is there a package available?
Hello John,
I've used the current Fedora one for RHEL7. There was one selinux
problem showing up with log rotation with
Has anyone installed Fail2Ban on Centos 7 yet? It isn't found in the
EPEL repo. Is there a package available?
john
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
In article ,
Tony Mountifield wrote:
> I want to use fail2ban on CentOS 6 to monitor Apache with the standard
> default logfile format ("combined"). Has anyone here succeeded in doing so?
>
> The format has the IP at the start of the line, followed by two dashes
> (if no authentication) and THEN
I want to use fail2ban on CentOS 6 to monitor Apache with the standard
default logfile format ("combined"). Has anyone here succeeded in doing so?
The format has the IP at the start of the line, followed by two dashes
(if no authentication) and THEN the timestamp. What I've read on the
fail2ban wi
On Wed, Apr 10, 2013 at 6:06 AM, Nikos Gatsis - Qbit wrote:
> Hello list
> I'm trying to setup fail2ban specially sasl action but I'm facing problems.
> I have centos-release-5-9.el5.centos.1
> and
> fail2ban-0.8.7.1-1.el5.rf
>
I'm using fail2ban from EPEL since I didn't have any luck with the pa
I run strace -s 512 -f -F -p 9406
9406 is fail2ban-server pid
9406 poll([{fd=3, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 1,
3) = 0 (Timeout)
...
I think that the problem is not in server but the way actions "attached"
to iptables.
Python maybe?
Thanks again...
On 10/4/2013 2:30 μμ
strace -s 512 -f -F -p
e.g.
strace -s 512 -f -F -p 19420
You can use -o to redirect the output to a file. That would be
easier to check later then.
Banyan He
Blog: http://www.rootong.com
Email: ban...@rootong.com
On 4/10/2013 7:19 PM, Nikos Gatsis - Qbit wrote:
> yes it doesn't!
yes it doesn't!
i have never work with strace. Any suggestions?
thank you
On 10/4/2013 2:10 μμ, Banyan He wrote:
> This doesn't look enough for tracking. How about strace? Did you find
> anything interesting?
>
> Banyan He
> Blog: http://www.rootong.com
> Email: ban...@rootong.com
This doesn't look enough for tracking. How about strace? Did you find
anything interesting?
Banyan He
Blog: http://www.rootong.com
Email: ban...@rootong.com
On 4/10/2013 6:52 PM, Nikos Gatsis - Qbit wrote:
> debug:
>
> fail2ban.server : INFO Changed logging target to
> /var/log/f
Try strace to follow all fork/exec to see which command is invalid. Or,
debug log?
Banyan He
Blog: http://www.rootong.com
Email: ban...@rootong.com
On 4/10/2013 6:06 PM, Nikos Gatsis - Qbit wrote:
> Hello list
> I'm trying to setup fail2ban specially sasl action but I'm facing probl
Hello list
I'm trying to setup fail2ban specially sasl action but I'm facing problems.
I have centos-release-5-9.el5.centos.1
and
fail2ban-0.8.7.1-1.el5.rf
installed
with selinux disabled
The errors I get are:
INFO Creating new jail 'sasl-iptables'
fail2ban.comm : WARNING Invalid command: ['ad
Hello Bob,
On Mon, 2012-06-18 at 17:03 +0200, Leonard den Ottolander wrote:
> I overlooked fail2ban-client and thought this had to be applied to
> action.py. I will give that sleep in fail2ban-client a try.
I'm glad you pointed out this patch as I had accidently discarded it.
Seems indeed to work
Hello Bob,
On Mon, 2012-06-18 at 10:07 -0400, Bob Hoffman wrote:
> The debian and redhat issues seem to be worlds apart. I know as I tried
> all the fixes and found debian fixes a dead end.
I still believe
http://sourceforge.net/tracker/?func=detail&aid=2870788&group_id=121032&atid=689044
is th
On 6/18/2012 9:53 AM, Leonard den Ottolander wrote:
> Hello Bob,
>
> On Sun, 2012-06-17 at 23:41 -0400, Bob Hoffman wrote:
>> /etc/fail2ban/jail.conf
>> change line 39 to
>> backend = gamin
>>
>> Without this fail2ban will ignore log rotations by logrotate and stay on
>> the old file in your jails.
Hello Bob,
On Sun, 2012-06-17 at 23:41 -0400, Bob Hoffman wrote:
> /etc/fail2ban/jail.conf
> change line 39 to
> backend = gamin
>
> Without this fail2ban will ignore log rotations by logrotate and stay on
> the old file in your jails.
Polling doesn't work with python >= 2.6. I haven't tested i
Here is what I had to do to make fail2ban work with centos 6, fail2ban
from epel
This is a long letter and no html to make it read better.
It deals with failed jails during start, loss of ban/unban after systems
logrotates files, errors in jails,
sasl errors, logging file correctly to work with f
On 6/17/2012 12:32 PM, bob wrote:
> force rotate will not trigger the issue with fail2ban
> setup your logrotate file to go daily and see what happens the next day.
to clarify, it is the rotation of the log files fail2ban is looking at
that is the issue, not fail2ban rotating its own logs.
wit
On 6/17/2012 12:09 PM, Mail Lists wrote:
> On 06/17/2012 10:38 AM, Leonard den Ottolander wrote:
>> The problem I'm seeing is with the EPEL build for CentOS 6. I don't
>> know if the RF build is also affected. Regards, Leonard.
> From what I am seeing the RF build is not effected. within seco
On 06/17/2012 10:38 AM, Leonard den Ottolander wrote:
> The problem I'm seeing is with the EPEL build for CentOS 6. I don't
> know if the RF build is also affected. Regards, Leonard.
From what I am seeing the RF build is not effected. within seconds
of my forced rotate I got notice of anoth
On Sun, 2012-06-17 at 10:32 -0400, Mail Lists wrote:
> I have been following this thread and I am interested to know what
> kinda of notice your getting to know fail2ban has crashed
> on a logrotate. I just did a force rotate and the only thing fail2ban
> did was restart.
There's no notice.
On 06/17/2012 10:16 AM, Leonard den Ottolander wrote:
> Hello Bob,
>
> On Sat, 2012-06-16 at 22:47 -0400, Bob Hoffman wrote:
>> 1- you must use gamin as the setting or the log rotations will make
>> fail2ban fail
> I noticed the failing of fail2ban after rotating the logs too.
> Supposedly it works
Hello Bob,
On Sat, 2012-06-16 at 22:47 -0400, Bob Hoffman wrote:
> 1- you must use gamin as the setting or the log rotations will make
> fail2ban fail
I noticed the failing of fail2ban after rotating the logs too.
Supposedly it works fine on CentOS 5 (from an IRC chat on
#fedora-epel(?)), but on
On 4/27/2012 8:41 AM, Maxim Shpakov wrote:
> https://github.com/fail2ban/fail2ban/issues/44
>
>
I played with the gamin, but will give it one more try with just adding
the log file to the logrotate.d/syslog file instead of its own...and
then wait til tomorrow for the full logrotate (since I canno
https://github.com/fail2ban/fail2ban/issues/44
2012/4/27 Bob Hoffman :
> I got the fail2ban from epel.
> There were a number of issues relating to using a log file...
> logwatch was looking for both fail2ban and fail2ban.log
> logrotate file fail2ban added looked for fail2ban.log and then reset
>
I got the fail2ban from epel.
There were a number of issues relating to using a log file...
logwatch was looking for both fail2ban and fail2ban.log
logrotate file fail2ban added looked for fail2ban.log and then reset
itself to syslog
fail2ban itself went to syslog, over riding its fail2ban.log.
t
On 4/20/2012 9:25 AM, Tilman Schmidt wrote:
> I prefer action = iptables-allports on all of these, so that a source
> address attempting a bruteforce attack on one service is immediately
> banned from all services. I can't imagine a scenario where a machine
> that got blocked, for example, for a
On 4/20/2012 9:25 AM, Tilman Schmidt wrote:
> Am 20.04.2012 08:02, schrieb Bob Hoffman:
> ction = iptables-multiport[name=ApacheAuth, port=80,443, protocol=tcp]
> I prefer action = iptables-allports on all of these, so that a
> source address attempting a bruteforce attack on one service is
> imm
Am 20.04.2012 08:02, schrieb Bob Hoffman:
> /etc.fail2ban/jail.conf
> In all sections I commented out the mailto section [...]
I don't use mailto either. It's just not manageable if you have
more than a very small number of machines.
> line 16, added a space then my server ip address 123.123.12
On 4/20/2012 2:24 AM, Bob Hoffman wrote:
> if I could add something, definitely put ports, if numbers, in
> quotes...without quotes I got some errors in the logs
> port=ftp, no quotes.port="" quotes
>
> and I added one for vsftp, I use port 5000
>
> [vsftpd-iptables]
> enabled = true
> fil
On 4/20/2012 2:02 AM, Bob Hoffman wrote:
>
> /etc.fail2ban/jail.conf
>
> commented out the mailto section
>
>
>
> port="25,465,993,995", protocol=tcp]
>
> action = iptables-multiport[name=ApacheAuth, port=80,443, protocol=tcp]
>
>
> service fail2ban start
> chkconfig fail2ban on
> service iptable
Tonight I added fail2ban to one of my webservers to test it out.
Here is my step by step, as best as I could figure it
out...documentation a bit sketchy.
feel free to add anything to it or suggest changes.
I tried to set it up to deal with ssh, http authentication, dovecot,
ftp, and postfix
I
Patrick Lists wrote:
>>> Just a wild guess but could it be that fail2ban is trying to resolve all
>>> the IP addresses in it's database? Iirc there is a config option called
>>> use_dns. Try setting it to "no" or "warn".
>>
>> Thanks for the suggestion.
>> But I couldn't find any option like that
On 03/18/2012 02:08 PM, Timothy Murphy wrote:
> Patrick Lists wrote:
>
>>> If there is a serious power failure, eg during an electric storm,
>>> and the internet goes down
>>> then my CentOS-6.2 server seems to take an inordinate time, maybe
>>> forever, to get past fail2ban.
>>> It is as though th
Thomas Göttgens wrote:
> fail2ban will go through all defined logfiles during startup. If they
> are large, it will take some time. You may be able to speed that
> process up by installing a file alteration monitor like gamut.
> fail2ban will use it if it finds it.
Thanks very much for your respo
Patrick Lists wrote:
>> If there is a serious power failure, eg during an electric storm,
>> and the internet goes down
>> then my CentOS-6.2 server seems to take an inordinate time, maybe
>> forever, to get past fail2ban.
>> It is as though there is an extremely long - maybe an hour - timeout
>>
Hi Timothy,
fail2ban will go through all defined logfiles during startup. If they
are large, it will take some time. You may be able to speed that
process up by installing a file alteration monitor like gamut.
fail2ban will use it if it finds it.
--
Mit freundlichen Grüßen
Thomas Göttgens
mailto
On 03/18/2012 12:17 PM, Timothy Murphy wrote:
> If there is a serious power failure, eg during an electric storm,
> and the internet goes down
> then my CentOS-6.2 server seems to take an inordinate time, maybe forever,
> to get past fail2ban.
> It is as though there is an extremely long - maybe an
If there is a serious power failure, eg during an electric storm,
and the internet goes down
then my CentOS-6.2 server seems to take an inordinate time, maybe forever,
to get past fail2ban.
It is as though there is an extremely long - maybe an hour - timeout
if fail2ban cannot connect to the intern
Hello,
I've all my services (postfix, dovecot, sasl, ...) secure with fail2ban,
but only httpd doesn't work
404 Not Found
//%0D/scripts/setup.php: 2 Time(s)
//3rdparty/phpMyAdmin/scripts/setup.php: 1 Time(s)
//81/phpmyadmin/scripts/setup.php: 1 Time(s)
//Admin/: 1 Tim
If I lose my broadband connection here (Italy),
and try to re-boot the computer (CentOS-6.2),
the shutdown hangs at fail2ban.
Normally there is no problem re-booting;
it only happens if the network has gone down.
It may just be an extraordinarily long timeout.
Has anyone experienced this?
And is
On 9/8/2011 7:00 μμ, centos-requ...@centos.org wrote:
>> > Hello list.
>> > I have a question for fail2ban for bad logins on sasl.
>> > I use sasl, sendmail and cyrus-imapd.
>> > In jail.conf I use the following syntax:
>> >
>> > [sasl-iptables]
>> >
>> > enabled = true
>> > filter = sasl
>>
Nikos Gatsis - Qbit
Gesendet von: centos-boun...@centos.org
09.08.2011 10:40
Bitte antworten an
CentOS mailing list
An
centos@centos.org
Kopie
Thema
[CentOS] fail2ban help
Hello list.
I have a question for fail2ban for bad logins on sasl.
I use sasl, sendmail and cyrus-imapd.
In
Hello list.
I have a question for fail2ban for bad logins on sasl.
I use sasl, sendmail and cyrus-imapd.
In jail.conf I use the following syntax:
[sasl-iptables]
enabled = true
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
sendmail-whois[na
Another post on fail2ban reminded me of a problem I had
in Italy, when the ADSL connection kept dropping,
and only came back on re-booting.
(I solved the problem in the end by getting a Billion modem/router
in place of the no-name one supplied by Telecom Italia.)
It seems that if there was no inte
2011/5/8 David Mehler :
> Hello,
> Has anyone got fail2ban working and blocking ssh spambot atempts? My
> ssh is logging with a facility of authpriv which syslogd sends to
> /var/log/secure. That file has 600 permissions owned and group of
> root. I want to make it where fail2ban can access the nee
David Mehler wrote:
> Hello,
> Has anyone got fail2ban working and blocking ssh spambot atempts? My
> ssh is logging with a facility of authpriv which syslogd sends to
> /var/log/secure. That file has 600 permissions owned and group of
> root. I want to make it where fail2ban can access the needed
Hello,
Has anyone got fail2ban working and blocking ssh spambot atempts? My
ssh is logging with a facility of authpriv which syslogd sends to
/var/log/secure. That file has 600 permissions owned and group of
root. I want to make it where fail2ban can access the needed file, yet
not make it insecure
On Mon, 2010-08-09 at 12:12 -0400, JohnS wrote:
> On Mon, 2010-08-09 at 16:05 +, Joseph L. Casale wrote:
> > >Or block all networks like china,japan,india and so on. Can get these from
> > >ICANN.
> >
> > Actually. that might just be enough, I know this site won't need access
> > from other t
On Mon, 2010-08-09 at 16:05 +, Joseph L. Casale wrote:
> >Or block all networks like china,japan,india and so on. Can get these from
> >ICANN.
>
> Actually. that might just be enough, I know this site won't need access
> from other that NA addresses which is an easy rule to build permanently.
>Or block all networks like china,japan,india and so on. Can get these from
>ICANN.
Actually. that might just be enough, I know this site won't need access
from other that NA addresses which is an easy rule to build permanently.
Thanks,
jlc
___
CentOS m
On Mon, 2010-08-09 at 13:58 +, Joseph L. Casale wrote:
> I agree, and if my edge router had the functionality to inspect
> http requests I would:)
---
Ahh, so is it really http requests you want to stop?
John
___
CentOS mailing list
CentOS@centos.
On Mon, 2010-08-09 at 15:29 +, Joseph L. Casale wrote:
> >http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal
> >"Question about persistant IP bans over restart"
> >
> >I think you need to adapt the example to CentOS/RH
>
> Yeah, I saw that one and implemented it. I think I have
>http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal
>"Question about persistant IP bans over restart"
>
>I think you need to adapt the example to CentOS/RH
Yeah, I saw that one and implemented it. I think I have to rewrite
the action scripts my jails use. The odd part is the initial
On Mon, 2010-08-09 at 13:58 +, Joseph L. Casale wrote:
>
> ? That's what fail2ban is setup to do, as the email suggested its
> not restoring bans correctly on restarts.
---
http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal
"Question about persistant IP bans over restart"
I
>Stop it at the Edge Router not the machine.
Fair enough, but now I have to manually scour the logs and
maintain a dynamic block list?
>Adding layers of security become problems like you are getting.
I agree, and if my edge router had the functionality to inspect
http requests I would:)
>Ban t
On Mon, 2010-08-09 at 00:38 +, Joseph L. Casale wrote:
> I created a filter and verified it with fail2ban-regex against
> actual lines in my log and it works. During restarts of fail2ban,
> only some previous ip's get banned immediately whereas some need a
> reoccurrence despite the jail's con
I created a filter and verified it with fail2ban-regex against
actual lines in my log and it works. During restarts of fail2ban,
only some previous ip's get banned immediately whereas some need a
reoccurrence despite the jail's config specification of maxretry and
findtime suggesting the entries ma
thanx john
- Original Message
> From: John Lundin
> > john, could u share your rules for the dovecot attempts?t
>
>
> Since no one else has stepped up... here's dovecot and vsftpd.
>
> These worked for me, ymmv. Centos 5 with rpmforge. Folded, failregex
> should be a single line w
On Sun, Mar 01, 2009 at 05:53:39PM -0800, Linux Advocate wrote:
> i have a basic fail2ban with tcp-wrappers & /etc/hosts.deny combo working. i
> couldnt get the iptables thing working properly.
>
> > You don't need shorewall, just the standard CentOS firewall works fine.
> > Just be sure to onl
> -Original Message-
> From: centos-boun...@centos.org
> [mailto:centos-boun...@centos.org] On Behalf Of John Hinton
> Sent: Sunday, March 01, 2009 9:05 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] Fail2Ban
>
> Agile Aspect wrote:
> > John H
e post the iptable rule which you is believe is OS dependent.
>
>
>> You don't need shorewall, just the standard CentOS firewall works fine.
>>
>>
> It depends upon what the OP installed. The fail2ban web page
> recommends shorewall be installed - so there
> >
> Actually, it is a rather OS dependent package and the rules for CentOS
> are difficult to write. That really doesn't belong on the fail2ban list
> either.
i have a basic fail2ban with tcp-wrappers & /etc/hosts.deny combo working. i
couldnt get the iptables thing working properly.
John Hinton wrote:
> Agile Aspect wrote:
>
>> Devraj Mukherjee wrote:
>>
>>
>>> Hi all,
>>>
>>> I am trying to get fail2ban going on my server and its log message
>>> reports the following error
>>>
>>> 2009-02-16 17:42:05,339 ERROR: 'iptables -L INPUT | grep -q
>>> fail2ban-SSH' returne
Agile Aspect wrote:
> Devraj Mukherjee wrote:
>
>> Hi all,
>>
>> I am trying to get fail2ban going on my server and its log message
>> reports the following error
>>
>> 2009-02-16 17:42:05,339 ERROR: 'iptables -L INPUT | grep -q
>> fail2ban-SSH' returned 256
>> 2009-02-16 17:42:05,354 ERROR: 'ip
On Saturday 28 February 2009 23:45, Devraj Mukherjee wrote:
> Hi all,
>
> I am trying to get fail2ban going on my server and its log message
> reports the following error
>
> 2009-02-16 17:42:05,339 ERROR: 'iptables -L INPUT | grep -q
> fail2ban-SSH' returned 256
> 2009-02-16 17:42:05,354 ER
Devraj Mukherjee wrote:
> Hi all,
>
> I am trying to get fail2ban going on my server and its log message
> reports the following error
>
> 2009-02-16 17:42:05,339 ERROR: 'iptables -L INPUT | grep -q
> fail2ban-SSH' returned 256
> 2009-02-16 17:42:05,354 ERROR: 'iptables -D INPUT -p tcp --dport ssh
Hi all,
I am trying to get fail2ban going on my server and its log message
reports the following error
2009-02-16 17:42:05,339 ERROR: 'iptables -L INPUT | grep -q
fail2ban-SSH' returned 256
2009-02-16 17:42:05,354 ERROR: 'iptables -D INPUT -p tcp --dport ssh
-j fail2ban-SSH
Is this because of th
Andylockran wrote on Wed, 23 Jul 2008 17:43:45 +0100:
> If you do have an issue with fail2ban, it does pretty much the same thing.
fail2ban from rpmforge works fine. It's missing the filter for dovecot,
though, and got wrong filters for many other services.
Here are some that I just figured out
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I've used denyhosts.
If you do have an issue with fail2ban, it does pretty much the same thing.
Andy
- Original Message
Subject: Re: [CentOS] fail2ban needs shorewall?
Date: Wed, 23 Jul 2008 17:08:07 +0200
From: Kai Sch
Tony Molloy wrote on Wed, 23 Jul 2008 14:53:05 +0100:
> you can specify noarch on the install
> line.
that's what I did, I was just curious.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
___
On Wednesday 23 July 2008 14:31:11 Kai Schaetzl wrote:
> Tony Molloy wrote on Wed, 23 Jul 2008 13:53:49 +0100:
> > I installed fail2ban from rpmforge and it has no dependencies.
>
> Ah, thanks, I thought I had installed an rpm earlier that didn't have
> dependencies, but I couldn't find the machine
Tony Molloy wrote on Wed, 23 Jul 2008 13:53:49 +0100:
> I installed fail2ban from rpmforge and it has no dependencies.
Ah, thanks, I thought I had installed an rpm earlier that didn't have
dependencies, but I couldn't find the machine I did it on. I disabled the kbs
repo and I'm now getting it.
On Wednesday 23 July 2008 13:45:31 Kai Schaetzl wrote:
> I want to try out fail2ban and notice that both, kbs-CentOS-Testing and
> ATrpms, have shorewall as a dependency. I do not use shorewall and have
> never used it. I have my own iptables/firewall script and am happy with
> it. Can I install sh
1 - 100 of 101 matches
Mail list logo
