On 1/6/21 2:57 AM, Gary Stainburn wrote:
2020-12-22 19:38:27,619 fail2ban.utils [1836]: ERROR
7f119e95f7f0 -- exec: ports="0:65535"; for p in $(echo $ports | tr ",
" " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source
address='113.110.47.81' port port='$p' protocol='tcp'
Hi everyone,
I've got fail2ban and firewalld set up on a C7 box, in theory protecting
dovecot, exim and ssh but I'm not convinced it's doing anything.
in /var/log/fail2ban.log I'm getting loads of entries such as:
2020-12-22 19:08:08,100 fail2ban.actions [1836]: WARNING
[dovecot]
On 4/9/20 6:31 AM, Andreas Haumer wrote:
...
I'm neither a fail2ban nor a SELinux expert, but it seems the
standard fail2ban SELinux policy as provided by CentOS 7 is not
sufficient anymore and the recent updates did not correctly
update the required SELinux policies.
I could report this as
Hi!
Am 09.04.20 um 10:07 schrieb Rob Kampen:
[...]
> I too had fail2ban fail after an otherwise successful yum update. Mine
> occurred in Feb when my versions of firewalld etc were updated to the
> versions you show. Thus far I have not had the opportunity to sort the
> problem. Lockdown has
On 9/04/20 7:48 pm, Andreas Haumer wrote:
Hi!
I have a server running CentOS 7.7 (1908) with all current patches installed.
I think this server should be a quite standard installation with no specialities
On this server I have fail2ban with an apache and openvpn configuration.
I'm using
Hi!
I have a server running CentOS 7.7 (1908) with all current patches installed.
I think this server should be a quite standard installation with no specialities
On this server I have fail2ban with an apache and openvpn configuration.
I'm using firewalld to manage the firewall rules.
Fail2an
On Tuesday 07 April 2020 10:09:07 Marius ROMAN wrote:
> "ipset v7.1: Syntax error: '360' is out of range 0-2147483"
> This is the problem. You could try to reduce the 'ban' time (for whatever
> rules you have for dovecot) so that it would be in that interval and restart
> fail2ban service.
>
Am 07.04.2020 um 10:54 schrieb Gary Stainburn:
2020-04-07 09:42:06,981 fail2ban.utils [16138]: ERROR 7ff736d6f930
-- exec: ipset create f2b-dovecot hash:ip timeout 360
[ ... ]
2020-04-07 09:42:06,982 fail2ban.utils [16138]: ERROR 7ff736d6f930 -- stderr:
"ipset v7.1:
On 4/7/20 11:54 AM, Gary Stainburn wrote:
I have fail2ban on my mail server monitoring Dovecot and Exim.
I have noticed that it has stopped banning IP's. I have seen in
/var/log/fail2ban.log:
2020-04-07 09:42:05,875 fail2ban.filter [16138]: INFO[dovecot]
Found 77.40.61.224 -
I have fail2ban on my mail server monitoring Dovecot and Exim.
I have noticed that it has stopped banning IP's. I have seen in
/var/log/fail2ban.log:
2020-04-07 09:42:05,875 fail2ban.filter [16138]: INFO[dovecot]
Found 77.40.61.224 - 2020-04-07 09:42:05
2020-04-07 09:42:06,408
On Sat, 19 Dec 2015, Günther J. Niederwimmer wrote:
Hello,
I have a big problem with fail2ban and firewalld on my new system.
I have a server running (CentOS 7.1) and run a Update to 7.2 on this system
all is working ?
BUT I install a new system with CentOS 7 1511 on this systems fail2ban
In article <1612557.81lQ3GSSy2@techz>,
Günther J. Niederwimmer wrote:
> Hello,
>
> I have a big problem with fail2ban and firewalld on my new system.
>
> I have a server running (CentOS 7.1) and run a Update to 7.2 on this system
> all is working ?
>
> BUT I install a new
Hello,
Am Saturday 19 December 2015, 09:37:14 schrieb Tony Mountifield:
> In article <1612557.81lQ3GSSy2@techz>,
>
> Günther J. Niederwimmer wrote:
> > Hello,
> >
> > I have a big problem with fail2ban and firewalld on my new system.
> >
> > I have a server running (CentOS
Hello,
I have a big problem with fail2ban and firewalld on my new system.
I have a server running (CentOS 7.1) and run a Update to 7.2 on this system
all is working ?
BUT I install a new system with CentOS 7 1511 on this systems fail2ban don't
work anymore. I have this error or more, in the
On 30 Mar 2015, at 13:35, John Horne john.ho...@plymouth.ac.uk wrote:
On Tue, 2015-03-10 at 14:43 +0100, Andrea Dell'Amico wrote:
#= logrotate_t ==
allow logrotate_t fail2ban_client_exec_t:file { ioctl read execute
execute_no_trans open };
Looks like this was
On Tue, 2015-03-10 at 14:43 +0100, Andrea Dell'Amico wrote:
#= logrotate_t ==
allow logrotate_t fail2ban_client_exec_t:file { ioctl read execute
execute_no_trans open };
Looks like this was already fixed in 'selinux-policy'. See
On 10 Mar 2015, at 14:30, James B. Byrne byrn...@harte-lyne.ca wrote:
On Mon, March 9, 2015 13:11, John Plemons wrote:
Been working on fail2ban, and trying to make it work with plain Jane
install of Centos 7
Machine is a HP running 2 Quad core Xeons, 16 gig or ram and 1 plus TB
of
On Mon, March 9, 2015 13:11, John Plemons wrote:
Been working on fail2ban, and trying to make it work with plain Jane
install of Centos 7
Machine is a HP running 2 Quad core Xeons, 16 gig or ram and 1 plus TB
of disk space. Very generic and vanilla.
Current available epel repo version is
On Mon, 9 Mar 2015, John Plemons wrote:
Been working on fail2ban, and trying to make it work with plain Jane
install of Centos 7
Current available epel repo version is fail2ban-0.9.1
Looking at the log file, fail2ban starts and stops fine, there isn't output
though showing any login
Been working on fail2ban, and trying to make it work with plain Jane
install of Centos 7
Machine is a HP running 2 Quad core Xeons, 16 gig or ram and 1 plus TB
of disk space. Very generic and vanilla.
Current available epel repo version is fail2ban-0.9.1
Looking at the log file, fail2ban
I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's
alerts sent to root's mail to be rejected. Here's a clip from one of
the
error messages:
Message 48:
From mailer-dae...@lion.protogeek.org Sun Dec 21 03:09:20
2014
Return-Path:
On Fri, December 26, 2014 12:59, Mike Burger wrote:
On 2014-12-26 12:39 pm, Robert G. (Doc) Savage wrote:
I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's
alerts sent to root's mail to be rejected. Here's a clip from one of
the
error messages:
Message 48:
I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's
alerts sent to root's mail to be rejected. Here's a clip from one of the
error messages:
Message 48:
From mailer-dae...@lion.protogeek.org Sun Dec 21 03:09:20 2014
Return-Path:
On 2014-12-26 12:39 pm, Robert G. (Doc) Savage wrote:
I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's
alerts sent to root's mail to be rejected. Here's a clip from one of
the
error messages:
Message 48:
From mailer-dae...@lion.protogeek.org Sun Dec 21
On 2014-12-26 12:59 pm, Mike Burger wrote:
On 2014-12-26 12:39 pm, Robert G. (Doc) Savage wrote:
I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's
alerts sent to root's mail to be rejected. Here's a clip from one of
the
error messages:
Message 48:
From
Robert G. (Doc) Savage писал 2014-12-26 20:39:
I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's
alerts sent to root's mail to be rejected. Here's a clip from one of
the
error messages:
Message 48:
From mailer-dae...@lion.protogeek.org Sun Dec 21 03:09:20
-Original Message-
From: Александр Кириллов nevis...@infoline.su
Reply-to: CentOS mailing list centos@centos.org
To: CentOS mailing list centos@centos.org
Subject: Re: [CentOS] Fail2ban mail failures ???
Date: Fri, 26 Dec 2014 21:30:39 +0300
Robert G. (Doc) Savage писал 2014-12-26 20:39
Has anyone installed Fail2Ban on Centos 7 yet? It isn't found in the
EPEL repo. Is there a package available?
john
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
On Tue, Jul 15, 2014 at 09:32:48AM -0400, John Plemons wrote:
Has anyone installed Fail2Ban on Centos 7 yet? It isn't found in the
EPEL repo. Is there a package available?
Hello John,
I've used the current Fedora one for RHEL7. There was one selinux
problem showing up with log rotation with
I want to use fail2ban on CentOS 6 to monitor Apache with the standard
default logfile format (combined). Has anyone here succeeded in doing so?
The format has the IP at the start of the line, followed by two dashes
(if no authentication) and THEN the timestamp. What I've read on the
fail2ban
In article kps4fv$33j$1...@softins.clara.co.uk,
Tony Mountifield t...@softins.co.uk wrote:
I want to use fail2ban on CentOS 6 to monitor Apache with the standard
default logfile format (combined). Has anyone here succeeded in doing so?
The format has the IP at the start of the line, followed
Hello list
I'm trying to setup fail2ban specially sasl action but I'm facing problems.
I have centos-release-5-9.el5.centos.1
and
fail2ban-0.8.7.1-1.el5.rf
installed
with selinux disabled
The errors I get are:
INFO Creating new jail 'sasl-iptables'
fail2ban.comm : WARNING Invalid command:
Try strace to follow all fork/exec to see which command is invalid. Or,
debug log?
Banyan He
Blog: http://www.rootong.com
Email: ban...@rootong.com
On 4/10/2013 6:06 PM, Nikos Gatsis - Qbit wrote:
Hello list
I'm trying to setup fail2ban specially sasl action but I'm facing
This doesn't look enough for tracking. How about strace? Did you find
anything interesting?
Banyan He
Blog: http://www.rootong.com
Email: ban...@rootong.com
On 4/10/2013 6:52 PM, Nikos Gatsis - Qbit wrote:
debug:
fail2ban.server : INFO Changed logging target to
yes it doesn't!
i have never work with strace. Any suggestions?
thank you
On 10/4/2013 2:10 μμ, Banyan He wrote:
This doesn't look enough for tracking. How about strace? Did you find
anything interesting?
Banyan He
Blog: http://www.rootong.com
Email: ban...@rootong.com
On
strace -s 512 -f -F -p pid
e.g.
strace -s 512 -f -F -p 19420
You can use -o output to redirect the output to a file. That would be
easier to check later then.
Banyan He
Blog: http://www.rootong.com
Email: ban...@rootong.com
On 4/10/2013 7:19 PM, Nikos Gatsis - Qbit wrote:
yes it
I run strace -s 512 -f -F -p 9406
9406 is fail2ban-server pid
9406 poll([{fd=3, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 1,
3) = 0 (Timeout)
...
I think that the problem is not in server but the way actions attached
to iptables.
Python maybe?
Thanks again...
On 10/4/2013 2:30 μμ,
On Wed, Apr 10, 2013 at 6:06 AM, Nikos Gatsis - Qbit ngat...@qbit.grwrote:
Hello list
I'm trying to setup fail2ban specially sasl action but I'm facing problems.
I have centos-release-5-9.el5.centos.1
and
fail2ban-0.8.7.1-1.el5.rf
I'm using fail2ban from EPEL since I didn't have any luck
Hello Bob,
On Sun, 2012-06-17 at 23:41 -0400, Bob Hoffman wrote:
/etc/fail2ban/jail.conf
change line 39 to
backend = gamin
Without this fail2ban will ignore log rotations by logrotate and stay on
the old file in your jails.
Polling doesn't work with python = 2.6. I haven't tested if you
On 6/18/2012 9:53 AM, Leonard den Ottolander wrote:
Hello Bob,
On Sun, 2012-06-17 at 23:41 -0400, Bob Hoffman wrote:
/etc/fail2ban/jail.conf
change line 39 to
backend = gamin
Without this fail2ban will ignore log rotations by logrotate and stay on
the old file in your jails.
Polling
Hello Bob,
On Mon, 2012-06-18 at 10:07 -0400, Bob Hoffman wrote:
The debian and redhat issues seem to be worlds apart. I know as I tried
all the fixes and found debian fixes a dead end.
I still believe
http://sourceforge.net/tracker/?func=detailaid=2870788group_id=121032atid=689044
is the
Hello Bob,
On Mon, 2012-06-18 at 17:03 +0200, Leonard den Ottolander wrote:
I overlooked fail2ban-client and thought this had to be applied to
action.py. I will give that sleep in fail2ban-client a try.
I'm glad you pointed out this patch as I had accidently discarded it.
Seems indeed to work
Hello Bob,
On Sat, 2012-06-16 at 22:47 -0400, Bob Hoffman wrote:
1- you must use gamin as the setting or the log rotations will make
fail2ban fail
I noticed the failing of fail2ban after rotating the logs too.
Supposedly it works fine on CentOS 5 (from an IRC chat on
#fedora-epel(?)), but on
On 06/17/2012 10:16 AM, Leonard den Ottolander wrote:
Hello Bob,
On Sat, 2012-06-16 at 22:47 -0400, Bob Hoffman wrote:
1- you must use gamin as the setting or the log rotations will make
fail2ban fail
I noticed the failing of fail2ban after rotating the logs too.
Supposedly it works fine on
On Sun, 2012-06-17 at 10:32 -0400, Mail Lists wrote:
I have been following this thread and I am interested to know what
kinda of notice your getting to know fail2ban has crashed
on a logrotate. I just did a force rotate and the only thing fail2ban
did was restart.
There's no notice. For
On 06/17/2012 10:38 AM, Leonard den Ottolander wrote:
The problem I'm seeing is with the EPEL build for CentOS 6. I don't
know if the RF build is also affected. Regards, Leonard.
From what I am seeing the RF build is not effected. within seconds
of my forced rotate I got notice of
On 6/17/2012 12:09 PM, Mail Lists wrote:
On 06/17/2012 10:38 AM, Leonard den Ottolander wrote:
The problem I'm seeing is with the EPEL build for CentOS 6. I don't
know if the RF build is also affected. Regards, Leonard.
From what I am seeing the RF build is not effected. within seconds
On 6/17/2012 12:32 PM, bob wrote:
force rotate will not trigger the issue with fail2ban
setup your logrotate file to go daily and see what happens the next day.
to clarify, it is the rotation of the log files fail2ban is looking at
that is the issue, not fail2ban rotating its own logs.
Here is what I had to do to make fail2ban work with centos 6, fail2ban
from epel
This is a long letter and no html to make it read better.
It deals with failed jails during start, loss of ban/unban after systems
logrotates files, errors in jails,
sasl errors, logging file correctly to work with
I got the fail2ban from epel.
There were a number of issues relating to using a log file...
logwatch was looking for both fail2ban and fail2ban.log
logrotate file fail2ban added looked for fail2ban.log and then reset
itself to syslog
fail2ban itself went to syslog, over riding its fail2ban.log.
https://github.com/fail2ban/fail2ban/issues/44
2012/4/27 Bob Hoffman b...@bobhoffman.com:
I got the fail2ban from epel.
There were a number of issues relating to using a log file...
logwatch was looking for both fail2ban and fail2ban.log
logrotate file fail2ban added looked for fail2ban.log
On 4/27/2012 8:41 AM, Maxim Shpakov wrote:
https://github.com/fail2ban/fail2ban/issues/44
I played with the gamin, but will give it one more try with just adding
the log file to the logrotate.d/syslog file instead of its own...and
then wait til tomorrow for the full logrotate (since I cannot
Tonight I added fail2ban to one of my webservers to test it out.
Here is my step by step, as best as I could figure it
out...documentation a bit sketchy.
feel free to add anything to it or suggest changes.
I tried to set it up to deal with ssh, http authentication, dovecot,
ftp, and postfix
On 4/20/2012 2:02 AM, Bob Hoffman wrote:
/etc.fail2ban/jail.conf
commented out the mailto section
port=25,465,993,995, protocol=tcp]
action = iptables-multiport[name=ApacheAuth, port=80,443, protocol=tcp]
service fail2ban start
chkconfig fail2ban on
service iptables restart (not
On 4/20/2012 2:24 AM, Bob Hoffman wrote:
if I could add something, definitely put ports, if numbers, in
quotes...without quotes I got some errors in the logs
port=ftp, no quotes.port= quotes
and I added one for vsftp, I use port 5000
[vsftpd-iptables]
enabled = true
filter =
Am 20.04.2012 08:02, schrieb Bob Hoffman:
/etc.fail2ban/jail.conf
In all sections I commented out the mailto section [...]
I don't use mailto either. It's just not manageable if you have
more than a very small number of machines.
line 16, added a space then my server ip address
On 4/20/2012 9:25 AM, Tilman Schmidt wrote:
Am 20.04.2012 08:02, schrieb Bob Hoffman:
ction = iptables-multiport[name=ApacheAuth, port=80,443, protocol=tcp]
I prefer action = iptables-allports on all of these, so that a
source address attempting a bruteforce attack on one service is
On 4/20/2012 9:25 AM, Tilman Schmidt wrote:
I prefer action = iptables-allports on all of these, so that a source
address attempting a bruteforce attack on one service is immediately
banned from all services. I can't imagine a scenario where a machine
that got blocked, for example, for
If there is a serious power failure, eg during an electric storm,
and the internet goes down
then my CentOS-6.2 server seems to take an inordinate time, maybe forever,
to get past fail2ban.
It is as though there is an extremely long - maybe an hour - timeout
if fail2ban cannot connect to the
On 03/18/2012 12:17 PM, Timothy Murphy wrote:
If there is a serious power failure, eg during an electric storm,
and the internet goes down
then my CentOS-6.2 server seems to take an inordinate time, maybe forever,
to get past fail2ban.
It is as though there is an extremely long - maybe an
Hi Timothy,
fail2ban will go through all defined logfiles during startup. If they
are large, it will take some time. You may be able to speed that
process up by installing a file alteration monitor like gamut.
fail2ban will use it if it finds it.
--
Mit freundlichen Grüßen
Thomas Göttgens
Patrick Lists wrote:
If there is a serious power failure, eg during an electric storm,
and the internet goes down
then my CentOS-6.2 server seems to take an inordinate time, maybe
forever, to get past fail2ban.
It is as though there is an extremely long - maybe an hour - timeout
if fail2ban
Thomas Göttgens wrote:
fail2ban will go through all defined logfiles during startup. If they
are large, it will take some time. You may be able to speed that
process up by installing a file alteration monitor like gamut.
fail2ban will use it if it finds it.
Thanks very much for your
On 03/18/2012 02:08 PM, Timothy Murphy wrote:
Patrick Lists wrote:
If there is a serious power failure, eg during an electric storm,
and the internet goes down
then my CentOS-6.2 server seems to take an inordinate time, maybe
forever, to get past fail2ban.
It is as though there is an
Patrick Lists wrote:
Just a wild guess but could it be that fail2ban is trying to resolve all
the IP addresses in it's database? Iirc there is a config option called
use_dns. Try setting it to no or warn.
Thanks for the suggestion.
But I couldn't find any option like that anywhere below
Hello,
I've all my services (postfix, dovecot, sasl, ...) secure with fail2ban,
but only httpd doesn't work
404 Not Found
//%0D/scripts/setup.php: 2 Time(s)
//3rdparty/phpMyAdmin/scripts/setup.php: 1 Time(s)
//81/phpmyadmin/scripts/setup.php: 1 Time(s)
//Admin/: 1
If I lose my broadband connection here (Italy),
and try to re-boot the computer (CentOS-6.2),
the shutdown hangs at fail2ban.
Normally there is no problem re-booting;
it only happens if the network has gone down.
It may just be an extraordinarily long timeout.
Has anyone experienced this?
And is
Nikos Gatsis - Qbit ngat...@qbit.gr
Gesendet von: centos-boun...@centos.org
09.08.2011 10:40
Bitte antworten an
CentOS mailing list centos@centos.org
An
centos@centos.org
Kopie
Thema
[CentOS] fail2ban help
Hello list.
I have a question for fail2ban for bad logins on sasl.
I use sasl
On 9/8/2011 7:00 μμ, centos-requ...@centos.org wrote:
Hello list.
I have a question for fail2ban for bad logins on sasl.
I use sasl, sendmail and cyrus-imapd.
In jail.conf I use the following syntax:
[sasl-iptables]
enabled = true
filter = sasl
backend = polling
Hello list.
I have a question for fail2ban for bad logins on sasl.
I use sasl, sendmail and cyrus-imapd.
In jail.conf I use the following syntax:
[sasl-iptables]
enabled = true
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
Hello,
Has anyone got fail2ban working and blocking ssh spambot atempts? My
ssh is logging with a facility of authpriv which syslogd sends to
/var/log/secure. That file has 600 permissions owned and group of
root. I want to make it where fail2ban can access the needed file, yet
not make it
David Mehler wrote:
Hello,
Has anyone got fail2ban working and blocking ssh spambot atempts? My
ssh is logging with a facility of authpriv which syslogd sends to
/var/log/secure. That file has 600 permissions owned and group of
root. I want to make it where fail2ban can access the needed
2011/5/8 David Mehler dave.meh...@gmail.com:
Hello,
Has anyone got fail2ban working and blocking ssh spambot atempts? My
ssh is logging with a facility of authpriv which syslogd sends to
/var/log/secure. That file has 600 permissions owned and group of
root. I want to make it where fail2ban
Another post on fail2ban reminded me of a problem I had
in Italy, when the ADSL connection kept dropping,
and only came back on re-booting.
(I solved the problem in the end by getting a Billion modem/router
in place of the no-name one supplied by Telecom Italia.)
It seems that if there was no
On Mon, 2010-08-09 at 00:38 +, Joseph L. Casale wrote:
I created a filter and verified it with fail2ban-regex against
actual lines in my log and it works. During restarts of fail2ban,
only some previous ip's get banned immediately whereas some need a
reoccurrence despite the jail's config
Stop it at the Edge Router not the machine.
Fair enough, but now I have to manually scour the logs and
maintain a dynamic block list?
Adding layers of security become problems like you are getting.
I agree, and if my edge router had the functionality to inspect
http requests I would:)
Ban the
On Mon, 2010-08-09 at 13:58 +, Joseph L. Casale wrote:
? That's what fail2ban is setup to do, as the email suggested its
not restoring bans correctly on restarts.
---
http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal
Question about persistant IP bans over restart
I
http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal
Question about persistant IP bans over restart
I think you need to adapt the example to CentOS/RH
Yeah, I saw that one and implemented it. I think I have to rewrite
the action scripts my jails use. The odd part is the initial
On Mon, 2010-08-09 at 15:29 +, Joseph L. Casale wrote:
http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal
Question about persistant IP bans over restart
I think you need to adapt the example to CentOS/RH
Yeah, I saw that one and implemented it. I think I have to rewrite
On Mon, 2010-08-09 at 13:58 +, Joseph L. Casale wrote:
I agree, and if my edge router had the functionality to inspect
http requests I would:)
---
Ahh, so is it really http requests you want to stop?
John
___
CentOS mailing list
Or block all networks like china,japan,india and so on. Can get these from
ICANN.
Actually. that might just be enough, I know this site won't need access
from other that NA addresses which is an easy rule to build permanently.
Thanks,
jlc
___
CentOS
On Mon, 2010-08-09 at 16:05 +, Joseph L. Casale wrote:
Or block all networks like china,japan,india and so on. Can get these from
ICANN.
Actually. that might just be enough, I know this site won't need access
from other that NA addresses which is an easy rule to build permanently.
---
On Mon, 2010-08-09 at 12:12 -0400, JohnS wrote:
On Mon, 2010-08-09 at 16:05 +, Joseph L. Casale wrote:
Or block all networks like china,japan,india and so on. Can get these from
ICANN.
Actually. that might just be enough, I know this site won't need access
from other that NA
I created a filter and verified it with fail2ban-regex against
actual lines in my log and it works. During restarts of fail2ban,
only some previous ip's get banned immediately whereas some need a
reoccurrence despite the jail's config specification of maxretry and
findtime suggesting the entries
On Sun, Mar 01, 2009 at 05:53:39PM -0800, Linux Advocate wrote:
i have a basic fail2ban with tcp-wrappers /etc/hosts.deny combo working. i
couldnt get the iptables thing working properly.
You don't need shorewall, just the standard CentOS firewall works fine.
Just be sure to only
thanx john
- Original Message
From: John Lundin lun...@fini.net
john, could u share your rules for the dovecot attempts?t
Since no one else has stepped up... here's dovecot and vsftpd.
These worked for me, ymmv. Centos 5 with rpmforge. Folded, failregex
should be a single
-Original Message-
From: centos-boun...@centos.org
[mailto:centos-boun...@centos.org] On Behalf Of John Hinton
Sent: Sunday, March 01, 2009 9:05 PM
To: CentOS mailing list
Subject: Re: [CentOS] Fail2Ban
Agile Aspect wrote:
John Hinton wrote:
Agile Aspect wrote
On Saturday 28 February 2009 23:45, Devraj Mukherjee wrote:
Hi all,
I am trying to get fail2ban going on my server and its log message
reports the following error
2009-02-16 17:42:05,339 ERROR: 'iptables -L INPUT | grep -q
fail2ban-SSH' returned 256
2009-02-16 17:42:05,354 ERROR:
Agile Aspect wrote:
Devraj Mukherjee wrote:
Hi all,
I am trying to get fail2ban going on my server and its log message
reports the following error
2009-02-16 17:42:05,339 ERROR: 'iptables -L INPUT | grep -q
fail2ban-SSH' returned 256
2009-02-16 17:42:05,354 ERROR: 'iptables -D INPUT
John Hinton wrote:
Agile Aspect wrote:
Devraj Mukherjee wrote:
Hi all,
I am trying to get fail2ban going on my server and its log message
reports the following error
2009-02-16 17:42:05,339 ERROR: 'iptables -L INPUT | grep -q
fail2ban-SSH' returned 256
2009-02-16
Actually, it is a rather OS dependent package and the rules for CentOS
are difficult to write. That really doesn't belong on the fail2ban list
either.
i have a basic fail2ban with tcp-wrappers /etc/hosts.deny combo working. i
couldnt get the iptables thing working properly.
You
which
version you're running.
This really is a great tool. It is not easy to create rules. I was
actually thinking that a CentOS fail2ban wiki or something might be
nice. If it were divided into separate versions, we could share rules
there. It took me about 3 or 4 hours to write and test just
Hi all,
I am trying to get fail2ban going on my server and its log message
reports the following error
2009-02-16 17:42:05,339 ERROR: 'iptables -L INPUT | grep -q
fail2ban-SSH' returned 256
2009-02-16 17:42:05,354 ERROR: 'iptables -D INPUT -p tcp --dport ssh
-j fail2ban-SSH
Is this because of
Devraj Mukherjee wrote:
Hi all,
I am trying to get fail2ban going on my server and its log message
reports the following error
2009-02-16 17:42:05,339 ERROR: 'iptables -L INPUT | grep -q
fail2ban-SSH' returned 256
2009-02-16 17:42:05,354 ERROR: 'iptables -D INPUT -p tcp --dport ssh
-j
On Wednesday 23 July 2008 13:45:31 Kai Schaetzl wrote:
I want to try out fail2ban and notice that both, kbs-CentOS-Testing and
ATrpms, have shorewall as a dependency. I do not use shorewall and have
never used it. I have my own iptables/firewall script and am happy with
it. Can I install
Tony Molloy wrote on Wed, 23 Jul 2008 13:53:49 +0100:
I installed fail2ban from rpmforge and it has no dependencies.
Ah, thanks, I thought I had installed an rpm earlier that didn't have
dependencies, but I couldn't find the machine I did it on. I disabled the kbs
repo and I'm now getting it.
Tony Molloy wrote on Wed, 23 Jul 2008 14:53:05 +0100:
you can specify noarch on the install
line.
that's what I did, I was just curious.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I've used denyhosts.
If you do have an issue with fail2ban, it does pretty much the same thing.
Andy
- Original Message
Subject: Re: [CentOS] fail2ban needs shorewall?
Date: Wed, 23 Jul 2008 17:08:07 +0200
From: Kai Schaetzl
Andylockran wrote on Wed, 23 Jul 2008 17:43:45 +0100:
If you do have an issue with fail2ban, it does pretty much the same thing.
fail2ban from rpmforge works fine. It's missing the filter for dovecot,
though, and got wrong filters for many other services.
Here are some that I just figured
99 matches
Mail list logo