On 4/20/2012 9:25 AM, Tilman Schmidt wrote:
> I prefer action = iptables-allports on all of these, so that a source
> address attempting a bruteforce attack on one service is immediately
> banned from all services. I can't imagine a scenario where a machine
> that got blocked, for example, for a
On 4/20/2012 9:25 AM, Tilman Schmidt wrote:
> Am 20.04.2012 08:02, schrieb Bob Hoffman:
> ction = iptables-multiport[name=ApacheAuth, port=80,443, protocol=tcp]
> I prefer action = iptables-allports on all of these, so that a
> source address attempting a bruteforce attack on one service is
> imm
Am 20.04.2012 08:02, schrieb Bob Hoffman:
> /etc.fail2ban/jail.conf
> In all sections I commented out the mailto section [...]
I don't use mailto either. It's just not manageable if you have
more than a very small number of machines.
> line 16, added a space then my server ip address 123.123.12
On 4/20/2012 2:24 AM, Bob Hoffman wrote:
> if I could add something, definitely put ports, if numbers, in
> quotes...without quotes I got some errors in the logs
> port=ftp, no quotes.port="" quotes
>
> and I added one for vsftp, I use port 5000
>
> [vsftpd-iptables]
> enabled = true
> fil
On 4/20/2012 2:02 AM, Bob Hoffman wrote:
>
> /etc.fail2ban/jail.conf
>
> commented out the mailto section
>
>
>
> port="25,465,993,995", protocol=tcp]
>
> action = iptables-multiport[name=ApacheAuth, port=80,443, protocol=tcp]
>
>
> service fail2ban start
> chkconfig fail2ban on
> service iptable
Tonight I added fail2ban to one of my webservers to test it out.
Here is my step by step, as best as I could figure it
out...documentation a bit sketchy.
feel free to add anything to it or suggest changes.
I tried to set it up to deal with ssh, http authentication, dovecot,
ftp, and postfix
I
6 matches
Mail list logo