On 16/07/2021 01:00, James Moe via Fail2ban-users wrote:
On 7/13/21 11:59 AM, Nick Howitt wrote:
Suricata is a Snort alternative. If it is anything like Snort, it can be
configured to be inside or outside the firewall. In ClearOS, it is
outside the firewall but I assume for other distros it
On 7/13/21 11:59 AM, Nick Howitt wrote:
> Suricata is a Snort alternative. If it is anything like Snort, it can be
> configured to be inside or outside the firewall. In ClearOS, it is
> outside the firewall but I assume for other distros it is user configurable.
>
I am not clear what you mean
On 13/07/2021 19:25, James Moe via Fail2ban-users wrote:
On 7/13/21 12:34 AM, Tom Hendrikx wrote:
Please post full configuration if you're not sure what to look for. I
have no idea what 'suricata' is though
Suricata is an Intrusion Detection/Prevention Software.
Suricata is a Snort al
On 7/13/21 12:34 AM, Tom Hendrikx wrote:
> Please post full configuration if you're not sure what to look for. I
> have no idea what 'suricata' is though
>
Suricata is an Intrusion Detection/Prevention Software.
[ jail ]
[suricata-1]
enabled = true
logpath = /data01/var/log/suricat
Hi,
You are thinking to close by ban people out.
I, for myself running a jail named "info-apache" which triggers on access
to the file "robots.txt". action isn't to ban out these ip's, there f2b
only sending a mail using some greped infos from the log. So I can see
which bots, how often take a
It can also happen if you are detecting responses, e.g. with SMTP, if
you are detecting messages like "Lost connection from " messages
these can appear up to about 3 minutes after the initial contact was made
so, for example if someone makes 10 connection attempts which get lost,
your ban ma
Hi,
Apparently the ip-address 'should' be banned according to fail2ban's
internal administration, but there is still activity coming in,
triggering new bans.
This can happen if your banning technique is broken, the configuration
is broken, etc.
F.i. you could configure the apache jail to b
fail2ban v1.0.1.1
opensuse tumbleweed, linux v5.13.0
Messages as shown below occasionally are in the log. It does not make much
sense. If the IP is banned, how can it be detected in the target log?
2021-07-11 16:15:31,136 fail2ban.filter [10710]: INFO [suricata-1] Found 65.205.231.167