Re: [CentOS] fail2ban problems - not banning

On 1/6/21 2:57 AM, Gary Stainburn wrote: 2020-12-22 19:38:27,619 fail2ban.utils  [1836]: ERROR 7f119e95f7f0 -- exec: ports="0:65535"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='113.110.47.81' port port='$p' protocol='tcp'

[CentOS] fail2ban problems - not banning

Hi everyone, I've got fail2ban and firewalld set up on a C7 box, in theory protecting dovecot, exim and ssh but I'm not convinced it's doing anything. in /var/log/fail2ban.log I'm getting loads of entries such as: 2020-12-22 19:08:08,100 fail2ban.actions    [1836]: WARNING [dovecot]

Re: [CentOS] fail2ban firewalld problems with current CentOS 7

On 4/9/20 6:31 AM, Andreas Haumer wrote: ... I'm neither a fail2ban nor a SELinux expert, but it seems the standard fail2ban SELinux policy as provided by CentOS 7 is not sufficient anymore and the recent updates did not correctly update the required SELinux policies. I could report this as

Re: [CentOS] fail2ban firewalld problems with current CentOS 7

Hi! Am 09.04.20 um 10:07 schrieb Rob Kampen: [...] > I too had fail2ban fail after an otherwise successful yum update. Mine > occurred in Feb when my versions of firewalld etc were updated to the > versions you show. Thus far I have not had the opportunity to sort the > problem. Lockdown has

Re: [CentOS] fail2ban firewalld problems with current CentOS 7

On 9/04/20 7:48 pm, Andreas Haumer wrote: Hi! I have a server running CentOS 7.7 (1908) with all current patches installed. I think this server should be a quite standard installation with no specialities On this server I have fail2ban with an apache and openvpn configuration. I'm using

[CentOS] fail2ban firewalld problems with current CentOS 7

Hi! I have a server running CentOS 7.7 (1908) with all current patches installed. I think this server should be a quite standard installation with no specialities On this server I have fail2ban with an apache and openvpn configuration. I'm using firewalld to manage the firewall rules. Fail2an

Re: [CentOS] fail2ban ban not working

On Tuesday 07 April 2020 10:09:07 Marius ROMAN wrote: > "ipset v7.1: Syntax error: '360' is out of range 0-2147483" > This is the problem. You could try to reduce the 'ban' time (for whatever > rules you have for dovecot) so that it would be in that interval and restart > fail2ban service. >

Re: [CentOS] fail2ban ban not working

Am 07.04.2020 um 10:54 schrieb Gary Stainburn: 2020-04-07 09:42:06,981 fail2ban.utils [16138]: ERROR 7ff736d6f930 -- exec: ipset create f2b-dovecot hash:ip timeout 360 [ ... ] 2020-04-07 09:42:06,982 fail2ban.utils [16138]: ERROR 7ff736d6f930 -- stderr: "ipset v7.1:

Re: [CentOS] fail2ban ban not working

On 4/7/20 11:54 AM, Gary Stainburn wrote: I have fail2ban on my mail server monitoring Dovecot and Exim. I have noticed that it has stopped banning IP's. I have seen in /var/log/fail2ban.log: 2020-04-07 09:42:05,875 fail2ban.filter [16138]: INFO[dovecot] Found 77.40.61.224 -

[CentOS] fail2ban ban not working

I have fail2ban on my mail server monitoring Dovecot and Exim. I have noticed that it has stopped banning IP's. I have seen in /var/log/fail2ban.log: 2020-04-07 09:42:05,875 fail2ban.filter [16138]: INFO[dovecot] Found 77.40.61.224 - 2020-04-07 09:42:05 2020-04-07 09:42:06,408

Re: [CentOS] fail2ban problem new installation

On Sat, 19 Dec 2015, Günther J. Niederwimmer wrote: Hello, I have a big problem with fail2ban and firewalld on my new system. I have a server running (CentOS 7.1) and run a Update to 7.2 on this system all is working ? BUT I install a new system with CentOS 7 1511 on this systems fail2ban

Re: [CentOS] fail2ban problem new installation

In article <1612557.81lQ3GSSy2@techz>, Günther J. Niederwimmer wrote: > Hello, > > I have a big problem with fail2ban and firewalld on my new system. > > I have a server running (CentOS 7.1) and run a Update to 7.2 on this system > all is working ? > > BUT I install a new

Re: [CentOS] fail2ban problem new installation CentOS 1511

Hello, Am Saturday 19 December 2015, 09:37:14 schrieb Tony Mountifield: > In article <1612557.81lQ3GSSy2@techz>, > > Günther J. Niederwimmer wrote: > > Hello, > > > > I have a big problem with fail2ban and firewalld on my new system. > > > > I have a server running (CentOS

[CentOS] fail2ban problem new installation

Hello, I have a big problem with fail2ban and firewalld on my new system. I have a server running (CentOS 7.1) and run a Update to 7.2 on this system all is working ? BUT I install a new system with CentOS 7 1511 on this systems fail2ban don't work anymore. I have this error or more, in the

Re: [CentOS] Fail2Ban Centos 7 is there a trick to making it work?

On 30 Mar 2015, at 13:35, John Horne john.ho...@plymouth.ac.uk wrote: On Tue, 2015-03-10 at 14:43 +0100, Andrea Dell'Amico wrote: #= logrotate_t == allow logrotate_t fail2ban_client_exec_t:file { ioctl read execute execute_no_trans open }; Looks like this was

Re: [CentOS] Fail2Ban Centos 7 is there a trick to making it work?

On Tue, 2015-03-10 at 14:43 +0100, Andrea Dell'Amico wrote: #= logrotate_t == allow logrotate_t fail2ban_client_exec_t:file { ioctl read execute execute_no_trans open }; Looks like this was already fixed in 'selinux-policy'. See

Re: [CentOS] Fail2Ban Centos 7 is there a trick to making it work?

On 10 Mar 2015, at 14:30, James B. Byrne byrn...@harte-lyne.ca wrote: On Mon, March 9, 2015 13:11, John Plemons wrote: Been working on fail2ban, and trying to make it work with plain Jane install of Centos 7 Machine is a HP running 2 Quad core Xeons, 16 gig or ram and 1 plus TB of

Re: [CentOS] Fail2Ban Centos 7 is there a trick to making it work?

On Mon, March 9, 2015 13:11, John Plemons wrote: Been working on fail2ban, and trying to make it work with plain Jane install of Centos 7 Machine is a HP running 2 Quad core Xeons, 16 gig or ram and 1 plus TB of disk space. Very generic and vanilla. Current available epel repo version is

Re: [CentOS] Fail2Ban Centos 7 is there a trick to making it work?

On Mon, 9 Mar 2015, John Plemons wrote: Been working on fail2ban, and trying to make it work with plain Jane install of Centos 7 Current available epel repo version is fail2ban-0.9.1 Looking at the log file, fail2ban starts and stops fine, there isn't output though showing any login

[CentOS] Fail2Ban Centos 7 is there a trick to making it work?

Been working on fail2ban, and trying to make it work with plain Jane install of Centos 7 Machine is a HP running 2 Quad core Xeons, 16 gig or ram and 1 plus TB of disk space. Very generic and vanilla. Current available epel repo version is fail2ban-0.9.1 Looking at the log file, fail2ban

Re: [CentOS] Fail2ban mail failures ???

I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's alerts sent to root's mail to be rejected. Here's a clip from one of the error messages: Message 48: From mailer-dae...@lion.protogeek.org Sun Dec 21 03:09:20 2014 Return-Path:

Re: [CentOS] Fail2ban mail failures ???

On Fri, December 26, 2014 12:59, Mike Burger wrote: On 2014-12-26 12:39 pm, Robert G. (Doc) Savage wrote: I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's alerts sent to root's mail to be rejected. Here's a clip from one of the error messages: Message 48:

[CentOS] Fail2ban mail failures ???

I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's alerts sent to root's mail to be rejected. Here's a clip from one of the error messages: Message 48: From mailer-dae...@lion.protogeek.org Sun Dec 21 03:09:20 2014 Return-Path:

Re: [CentOS] Fail2ban mail failures ???

On 2014-12-26 12:39 pm, Robert G. (Doc) Savage wrote: I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's alerts sent to root's mail to be rejected. Here's a clip from one of the error messages: Message 48: From mailer-dae...@lion.protogeek.org Sun Dec 21

Re: [CentOS] Fail2ban mail failures ???

On 2014-12-26 12:59 pm, Mike Burger wrote: On 2014-12-26 12:39 pm, Robert G. (Doc) Savage wrote: I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's alerts sent to root's mail to be rejected. Here's a clip from one of the error messages: Message 48: From

Re: [CentOS] Fail2ban mail failures ???

Robert G. (Doc) Savage писал 2014-12-26 20:39: I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's alerts sent to root's mail to be rejected. Here's a clip from one of the error messages: Message 48: From mailer-dae...@lion.protogeek.org Sun Dec 21 03:09:20

Re: [CentOS] Fail2ban mail failures ???

-Original Message- From: Александр Кириллов nevis...@infoline.su Reply-to: CentOS mailing list centos@centos.org To: CentOS mailing list centos@centos.org Subject: Re: [CentOS] Fail2ban mail failures ??? Date: Fri, 26 Dec 2014 21:30:39 +0300 Robert G. (Doc) Savage писал 2014-12-26 20:39

[CentOS] Fail2Ban Centos 7 Anyone installed yet?

Has anyone installed Fail2Ban on Centos 7 yet? It isn't found in the EPEL repo. Is there a package available? john ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Fail2Ban Centos 7 Anyone installed yet?

On Tue, Jul 15, 2014 at 09:32:48AM -0400, John Plemons wrote: Has anyone installed Fail2Ban on Centos 7 yet? It isn't found in the EPEL repo. Is there a package available? Hello John, I've used the current Fedora one for RHEL7. There was one selinux problem showing up with log rotation with

[CentOS] fail2ban with standard Apache log format?

I want to use fail2ban on CentOS 6 to monitor Apache with the standard default logfile format (combined). Has anyone here succeeded in doing so? The format has the IP at the start of the line, followed by two dashes (if no authentication) and THEN the timestamp. What I've read on the fail2ban

Re: [CentOS] fail2ban with standard Apache log format?

In article kps4fv$33j$1...@softins.clara.co.uk, Tony Mountifield t...@softins.co.uk wrote: I want to use fail2ban on CentOS 6 to monitor Apache with the standard default logfile format (combined). Has anyone here succeeded in doing so? The format has the IP at the start of the line, followed

[CentOS] fail2ban problem

Hello list I'm trying to setup fail2ban specially sasl action but I'm facing problems. I have centos-release-5-9.el5.centos.1 and fail2ban-0.8.7.1-1.el5.rf installed with selinux disabled The errors I get are: INFO Creating new jail 'sasl-iptables' fail2ban.comm : WARNING Invalid command:

Re: [CentOS] fail2ban problem

Try strace to follow all fork/exec to see which command is invalid. Or, debug log? Banyan He Blog: http://www.rootong.com Email: ban...@rootong.com On 4/10/2013 6:06 PM, Nikos Gatsis - Qbit wrote: Hello list I'm trying to setup fail2ban specially sasl action but I'm facing

Re: [CentOS] fail2ban problem

This doesn't look enough for tracking. How about strace? Did you find anything interesting? Banyan He Blog: http://www.rootong.com Email: ban...@rootong.com On 4/10/2013 6:52 PM, Nikos Gatsis - Qbit wrote: debug: fail2ban.server : INFO Changed logging target to

Re: [CentOS] fail2ban problem

yes it doesn't! i have never work with strace. Any suggestions? thank you On 10/4/2013 2:10 μμ, Banyan He wrote: This doesn't look enough for tracking. How about strace? Did you find anything interesting? Banyan He Blog: http://www.rootong.com Email: ban...@rootong.com On

Re: [CentOS] fail2ban problem

strace -s 512 -f -F -p pid e.g. strace -s 512 -f -F -p 19420 You can use -o output to redirect the output to a file. That would be easier to check later then. Banyan He Blog: http://www.rootong.com Email: ban...@rootong.com On 4/10/2013 7:19 PM, Nikos Gatsis - Qbit wrote: yes it

Re: [CentOS] fail2ban problem

I run strace -s 512 -f -F -p 9406 9406 is fail2ban-server pid 9406 poll([{fd=3, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 1, 3) = 0 (Timeout) ... I think that the problem is not in server but the way actions attached to iptables. Python maybe? Thanks again... On 10/4/2013 2:30 μμ,

Re: [CentOS] fail2ban problem

On Wed, Apr 10, 2013 at 6:06 AM, Nikos Gatsis - Qbit ngat...@qbit.grwrote: Hello list I'm trying to setup fail2ban specially sasl action but I'm facing problems. I have centos-release-5-9.el5.centos.1 and fail2ban-0.8.7.1-1.el5.rf I'm using fail2ban from EPEL since I didn't have any luck

Re: [CentOS] Fail2ban logrotate [was: Update on spam, postfix, fail2ban, centos 6]

Hello Bob, On Sun, 2012-06-17 at 23:41 -0400, Bob Hoffman wrote: /etc/fail2ban/jail.conf change line 39 to backend = gamin Without this fail2ban will ignore log rotations by logrotate and stay on the old file in your jails. Polling doesn't work with python = 2.6. I haven't tested if you

Re: [CentOS] Fail2ban logrotate [was: Update on spam, postfix, fail2ban, centos 6]

On 6/18/2012 9:53 AM, Leonard den Ottolander wrote: Hello Bob, On Sun, 2012-06-17 at 23:41 -0400, Bob Hoffman wrote: /etc/fail2ban/jail.conf change line 39 to backend = gamin Without this fail2ban will ignore log rotations by logrotate and stay on the old file in your jails. Polling

Re: [CentOS] Fail2ban logrotate [was: Update on spam, postfix, fail2ban, centos 6]

Hello Bob, On Mon, 2012-06-18 at 10:07 -0400, Bob Hoffman wrote: The debian and redhat issues seem to be worlds apart. I know as I tried all the fixes and found debian fixes a dead end. I still believe http://sourceforge.net/tracker/?func=detailaid=2870788group_id=121032atid=689044 is the

Re: [CentOS] Fail2ban logrotate [was: Update on spam, postfix, fail2ban, centos 6]

Hello Bob, On Mon, 2012-06-18 at 17:03 +0200, Leonard den Ottolander wrote: I overlooked fail2ban-client and thought this had to be applied to action.py. I will give that sleep in fail2ban-client a try. I'm glad you pointed out this patch as I had accidently discarded it. Seems indeed to work

Re: [CentOS] Fail2ban logrotate [was: Update on spam, postfix, fail2ban, centos 6]

Hello Bob, On Sat, 2012-06-16 at 22:47 -0400, Bob Hoffman wrote: 1- you must use gamin as the setting or the log rotations will make fail2ban fail I noticed the failing of fail2ban after rotating the logs too. Supposedly it works fine on CentOS 5 (from an IRC chat on #fedora-epel(?)), but on

Re: [CentOS] Fail2ban logrotate [was: Update on spam, postfix, fail2ban, centos 6]

On 06/17/2012 10:16 AM, Leonard den Ottolander wrote: Hello Bob, On Sat, 2012-06-16 at 22:47 -0400, Bob Hoffman wrote: 1- you must use gamin as the setting or the log rotations will make fail2ban fail I noticed the failing of fail2ban after rotating the logs too. Supposedly it works fine on

Re: [CentOS] Fail2ban logrotate [was: Update on spam, postfix, fail2ban, centos 6]

On Sun, 2012-06-17 at 10:32 -0400, Mail Lists wrote: I have been following this thread and I am interested to know what kinda of notice your getting to know fail2ban has crashed on a logrotate. I just did a force rotate and the only thing fail2ban did was restart. There's no notice. For

Re: [CentOS] Fail2ban logrotate [was: Update on spam, postfix, fail2ban, centos 6]

On 06/17/2012 10:38 AM, Leonard den Ottolander wrote: The problem I'm seeing is with the EPEL build for CentOS 6. I don't know if the RF build is also affected. Regards, Leonard. From what I am seeing the RF build is not effected. within seconds of my forced rotate I got notice of

Re: [CentOS] Fail2ban logrotate [was: Update on spam, postfix, fail2ban, centos 6]

On 6/17/2012 12:09 PM, Mail Lists wrote: On 06/17/2012 10:38 AM, Leonard den Ottolander wrote: The problem I'm seeing is with the EPEL build for CentOS 6. I don't know if the RF build is also affected. Regards, Leonard. From what I am seeing the RF build is not effected. within seconds

Re: [CentOS] Fail2ban logrotate [was: Update on spam, postfix, fail2ban, centos 6]

On 6/17/2012 12:32 PM, bob wrote: force rotate will not trigger the issue with fail2ban setup your logrotate file to go daily and see what happens the next day. to clarify, it is the rotation of the log files fail2ban is looking at that is the issue, not fail2ban rotating its own logs.

Re: [CentOS] Fail2ban logrotate [was: Update on spam, postfix, fail2ban, centos 6]

Here is what I had to do to make fail2ban work with centos 6, fail2ban from epel This is a long letter and no html to make it read better. It deals with failed jails during start, loss of ban/unban after systems logrotates files, errors in jails, sasl errors, logging file correctly to work with

[CentOS] fail2ban logrotate failure

I got the fail2ban from epel. There were a number of issues relating to using a log file... logwatch was looking for both fail2ban and fail2ban.log logrotate file fail2ban added looked for fail2ban.log and then reset itself to syslog fail2ban itself went to syslog, over riding its fail2ban.log.

Re: [CentOS] fail2ban logrotate failure

https://github.com/fail2ban/fail2ban/issues/44 2012/4/27 Bob Hoffman b...@bobhoffman.com: I got the fail2ban from epel. There were a number of issues relating to using a log file... logwatch was looking for both fail2ban and fail2ban.log logrotate file fail2ban added looked for fail2ban.log

Re: [CentOS] fail2ban logrotate failure

On 4/27/2012 8:41 AM, Maxim Shpakov wrote: https://github.com/fail2ban/fail2ban/issues/44 I played with the gamin, but will give it one more try with just adding the log file to the logrotate.d/syslog file instead of its own...and then wait til tomorrow for the full logrotate (since I cannot

[CentOS] fail2ban attempt, anyone want to add anything?

Tonight I added fail2ban to one of my webservers to test it out. Here is my step by step, as best as I could figure it out...documentation a bit sketchy. feel free to add anything to it or suggest changes. I tried to set it up to deal with ssh, http authentication, dovecot, ftp, and postfix

Re: [CentOS] fail2ban attempt, anyone want to add anything?

On 4/20/2012 2:02 AM, Bob Hoffman wrote: /etc.fail2ban/jail.conf commented out the mailto section port=25,465,993,995, protocol=tcp] action = iptables-multiport[name=ApacheAuth, port=80,443, protocol=tcp] service fail2ban start chkconfig fail2ban on service iptables restart (not

Re: [CentOS] fail2ban attempt, anyone want to add anything?

On 4/20/2012 2:24 AM, Bob Hoffman wrote: if I could add something, definitely put ports, if numbers, in quotes...without quotes I got some errors in the logs port=ftp, no quotes.port= quotes and I added one for vsftp, I use port 5000 [vsftpd-iptables] enabled = true filter =

Re: [CentOS] fail2ban attempt, anyone want to add anything?

Am 20.04.2012 08:02, schrieb Bob Hoffman: /etc.fail2ban/jail.conf In all sections I commented out the mailto section [...] I don't use mailto either. It's just not manageable if you have more than a very small number of machines. line 16, added a space then my server ip address

Re: [CentOS] fail2ban attempt, anyone want to add anything?

On 4/20/2012 9:25 AM, Tilman Schmidt wrote: Am 20.04.2012 08:02, schrieb Bob Hoffman: ction = iptables-multiport[name=ApacheAuth, port=80,443, protocol=tcp] I prefer action = iptables-allports on all of these, so that a source address attempting a bruteforce attack on one service is

Re: [CentOS] fail2ban attempt, anyone want to add anything?

On 4/20/2012 9:25 AM, Tilman Schmidt wrote: I prefer action = iptables-allports on all of these, so that a source address attempting a bruteforce attack on one service is immediately banned from all services. I can't imagine a scenario where a machine that got blocked, for example, for

[CentOS] Fail2ban problem

If there is a serious power failure, eg during an electric storm, and the internet goes down then my CentOS-6.2 server seems to take an inordinate time, maybe forever, to get past fail2ban. It is as though there is an extremely long - maybe an hour - timeout if fail2ban cannot connect to the

Re: [CentOS] Fail2ban problem

On 03/18/2012 12:17 PM, Timothy Murphy wrote: If there is a serious power failure, eg during an electric storm, and the internet goes down then my CentOS-6.2 server seems to take an inordinate time, maybe forever, to get past fail2ban. It is as though there is an extremely long - maybe an

Re: [CentOS] Fail2ban problem

Hi Timothy, fail2ban will go through all defined logfiles during startup. If they are large, it will take some time. You may be able to speed that process up by installing a file alteration monitor like gamut. fail2ban will use it if it finds it. -- Mit freundlichen Grüßen Thomas Göttgens

Re: [CentOS] Fail2ban problem

Patrick Lists wrote: If there is a serious power failure, eg during an electric storm, and the internet goes down then my CentOS-6.2 server seems to take an inordinate time, maybe forever, to get past fail2ban. It is as though there is an extremely long - maybe an hour - timeout if fail2ban

Re: [CentOS] Fail2ban problem

Thomas Göttgens wrote: fail2ban will go through all defined logfiles during startup. If they are large, it will take some time. You may be able to speed that process up by installing a file alteration monitor like gamut. fail2ban will use it if it finds it. Thanks very much for your

Re: [CentOS] Fail2ban problem

On 03/18/2012 02:08 PM, Timothy Murphy wrote: Patrick Lists wrote: If there is a serious power failure, eg during an electric storm, and the internet goes down then my CentOS-6.2 server seems to take an inordinate time, maybe forever, to get past fail2ban. It is as though there is an

Re: [CentOS] Fail2ban problem

Patrick Lists wrote: Just a wild guess but could it be that fail2ban is trying to resolve all the IP addresses in it's database? Iirc there is a config option called use_dns. Try setting it to no or warn. Thanks for the suggestion. But I couldn't find any option like that anywhere below

[CentOS] fail2ban and httpd

Hello, I've all my services (postfix, dovecot, sasl, ...) secure with fail2ban, but only httpd doesn't work 404 Not Found //%0D/scripts/setup.php: 2 Time(s) //3rdparty/phpMyAdmin/scripts/setup.php: 1 Time(s) //81/phpmyadmin/scripts/setup.php: 1 Time(s) //Admin/: 1

[CentOS] fail2ban won't die

If I lose my broadband connection here (Italy), and try to re-boot the computer (CentOS-6.2), the shutdown hangs at fail2ban. Normally there is no problem re-booting; it only happens if the network has gone down. It may just be an extraordinarily long timeout. Has anyone experienced this? And is

Re: [CentOS] fail2ban help

Nikos Gatsis - Qbit ngat...@qbit.gr Gesendet von: centos-boun...@centos.org 09.08.2011 10:40 Bitte antworten an CentOS mailing list centos@centos.org An centos@centos.org Kopie Thema [CentOS] fail2ban help Hello list. I have a question for fail2ban for bad logins on sasl. I use sasl

Re: [CentOS] fail2ban help

On 9/8/2011 7:00 μμ, centos-requ...@centos.org wrote: Hello list. I have a question for fail2ban for bad logins on sasl. I use sasl, sendmail and cyrus-imapd. In jail.conf I use the following syntax: [sasl-iptables] enabled = true filter = sasl backend = polling

[CentOS] fail2ban help

Hello list. I have a question for fail2ban for bad logins on sasl. I use sasl, sendmail and cyrus-imapd. In jail.conf I use the following syntax: [sasl-iptables] enabled = true filter = sasl backend = polling action = iptables[name=sasl, port=smtp, protocol=tcp]

[CentOS] fail2ban and secure permissions

Hello, Has anyone got fail2ban working and blocking ssh spambot atempts? My ssh is logging with a facility of authpriv which syslogd sends to /var/log/secure. That file has 600 permissions owned and group of root. I want to make it where fail2ban can access the needed file, yet not make it

Re: [CentOS] fail2ban and secure permissions

David Mehler wrote: Hello, Has anyone got fail2ban working and blocking ssh spambot atempts? My ssh is logging with a facility of authpriv which syslogd sends to /var/log/secure. That file has 600 permissions owned and group of root. I want to make it where fail2ban can access the needed

Re: [CentOS] fail2ban and secure permissions

2011/5/8 David Mehler dave.meh...@gmail.com: Hello, Has anyone got fail2ban working and blocking ssh spambot atempts? My ssh is logging with a facility of authpriv which syslogd sends to /var/log/secure. That file has 600 permissions owned and group of root. I want to make it where fail2ban

[CentOS] fail2ban problem on shutdown

Another post on fail2ban reminded me of a problem I had in Italy, when the ADSL connection kept dropping, and only came back on re-booting. (I solved the problem in the end by getting a Billion modem/router in place of the no-name one supplied by Telecom Italia.) It seems that if there was no

Re: [CentOS] fail2ban behavior

On Mon, 2010-08-09 at 00:38 +, Joseph L. Casale wrote: I created a filter and verified it with fail2ban-regex against actual lines in my log and it works. During restarts of fail2ban, only some previous ip's get banned immediately whereas some need a reoccurrence despite the jail's config

Re: [CentOS] fail2ban behavior

Stop it at the Edge Router not the machine. Fair enough, but now I have to manually scour the logs and maintain a dynamic block list? Adding layers of security become problems like you are getting. I agree, and if my edge router had the functionality to inspect http requests I would:) Ban the

Re: [CentOS] fail2ban behavior

On Mon, 2010-08-09 at 13:58 +, Joseph L. Casale wrote: ? That's what fail2ban is setup to do, as the email suggested its not restoring bans correctly on restarts. --- http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal Question about persistant IP bans over restart I

Re: [CentOS] fail2ban behavior

http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal Question about persistant IP bans over restart I think you need to adapt the example to CentOS/RH Yeah, I saw that one and implemented it. I think I have to rewrite the action scripts my jails use. The odd part is the initial

Re: [CentOS] fail2ban behavior

On Mon, 2010-08-09 at 15:29 +, Joseph L. Casale wrote: http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal Question about persistant IP bans over restart I think you need to adapt the example to CentOS/RH Yeah, I saw that one and implemented it. I think I have to rewrite

Re: [CentOS] fail2ban behavior

On Mon, 2010-08-09 at 13:58 +, Joseph L. Casale wrote: I agree, and if my edge router had the functionality to inspect http requests I would:) --- Ahh, so is it really http requests you want to stop? John ___ CentOS mailing list

Re: [CentOS] fail2ban behavior

Or block all networks like china,japan,india and so on. Can get these from ICANN. Actually. that might just be enough, I know this site won't need access from other that NA addresses which is an easy rule to build permanently. Thanks, jlc ___ CentOS

Re: [CentOS] fail2ban behavior

On Mon, 2010-08-09 at 16:05 +, Joseph L. Casale wrote: Or block all networks like china,japan,india and so on. Can get these from ICANN. Actually. that might just be enough, I know this site won't need access from other that NA addresses which is an easy rule to build permanently. ---

Re: [CentOS] fail2ban behavior

On Mon, 2010-08-09 at 12:12 -0400, JohnS wrote: On Mon, 2010-08-09 at 16:05 +, Joseph L. Casale wrote: Or block all networks like china,japan,india and so on. Can get these from ICANN. Actually. that might just be enough, I know this site won't need access from other that NA

[CentOS] fail2ban behavior

I created a filter and verified it with fail2ban-regex against actual lines in my log and it works. During restarts of fail2ban, only some previous ip's get banned immediately whereas some need a reoccurrence despite the jail's config specification of maxretry and findtime suggesting the entries

Re: [CentOS] Fail2Ban

On Sun, Mar 01, 2009 at 05:53:39PM -0800, Linux Advocate wrote: i have a basic fail2ban with tcp-wrappers /etc/hosts.deny combo working. i couldnt get the iptables thing working properly. You don't need shorewall, just the standard CentOS firewall works fine. Just be sure to only

Re: [CentOS] Fail2Ban

thanx john - Original Message From: John Lundin lun...@fini.net john, could u share your rules for the dovecot attempts?t Since no one else has stepped up... here's dovecot and vsftpd. These worked for me, ymmv. Centos 5 with rpmforge. Folded, failregex should be a single

Re: [CentOS] Fail2Ban

-Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of John Hinton Sent: Sunday, March 01, 2009 9:05 PM To: CentOS mailing list Subject: Re: [CentOS] Fail2Ban Agile Aspect wrote: John Hinton wrote: Agile Aspect wrote

Re: [CentOS] Fail2Ban

On Saturday 28 February 2009 23:45, Devraj Mukherjee wrote: Hi all, I am trying to get fail2ban going on my server and its log message reports the following error 2009-02-16 17:42:05,339 ERROR: 'iptables -L INPUT | grep -q fail2ban-SSH' returned 256 2009-02-16 17:42:05,354 ERROR:

Re: [CentOS] Fail2Ban

Agile Aspect wrote: Devraj Mukherjee wrote: Hi all, I am trying to get fail2ban going on my server and its log message reports the following error 2009-02-16 17:42:05,339 ERROR: 'iptables -L INPUT | grep -q fail2ban-SSH' returned 256 2009-02-16 17:42:05,354 ERROR: 'iptables -D INPUT

Re: [CentOS] Fail2Ban

John Hinton wrote: Agile Aspect wrote: Devraj Mukherjee wrote: Hi all, I am trying to get fail2ban going on my server and its log message reports the following error 2009-02-16 17:42:05,339 ERROR: 'iptables -L INPUT | grep -q fail2ban-SSH' returned 256 2009-02-16

Re: [CentOS] Fail2Ban

Actually, it is a rather OS dependent package and the rules for CentOS are difficult to write. That really doesn't belong on the fail2ban list either. i have a basic fail2ban with tcp-wrappers /etc/hosts.deny combo working. i couldnt get the iptables thing working properly. You

Re: [CentOS] Fail2Ban

which version you're running. This really is a great tool. It is not easy to create rules. I was actually thinking that a CentOS fail2ban wiki or something might be nice. If it were divided into separate versions, we could share rules there. It took me about 3 or 4 hours to write and test just

[CentOS] Fail2Ban

Hi all, I am trying to get fail2ban going on my server and its log message reports the following error 2009-02-16 17:42:05,339 ERROR: 'iptables -L INPUT | grep -q fail2ban-SSH' returned 256 2009-02-16 17:42:05,354 ERROR: 'iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH Is this because of

Re: [CentOS] Fail2Ban

Devraj Mukherjee wrote: Hi all, I am trying to get fail2ban going on my server and its log message reports the following error 2009-02-16 17:42:05,339 ERROR: 'iptables -L INPUT | grep -q fail2ban-SSH' returned 256 2009-02-16 17:42:05,354 ERROR: 'iptables -D INPUT -p tcp --dport ssh -j

Re: [CentOS] fail2ban needs shorewall?

On Wednesday 23 July 2008 13:45:31 Kai Schaetzl wrote: I want to try out fail2ban and notice that both, kbs-CentOS-Testing and ATrpms, have shorewall as a dependency. I do not use shorewall and have never used it. I have my own iptables/firewall script and am happy with it. Can I install

Re: [CentOS] fail2ban needs shorewall?

Tony Molloy wrote on Wed, 23 Jul 2008 13:53:49 +0100: I installed fail2ban from rpmforge and it has no dependencies. Ah, thanks, I thought I had installed an rpm earlier that didn't have dependencies, but I couldn't find the machine I did it on. I disabled the kbs repo and I'm now getting it.

Re: [CentOS] fail2ban needs shorewall?

Tony Molloy wrote on Wed, 23 Jul 2008 14:53:05 +0100: you can specify noarch on the install line. that's what I did, I was just curious. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com

[Fwd: Re: [CentOS] fail2ban needs shorewall?]

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've used denyhosts. If you do have an issue with fail2ban, it does pretty much the same thing. Andy - Original Message Subject: Re: [CentOS] fail2ban needs shorewall? Date: Wed, 23 Jul 2008 17:08:07 +0200 From: Kai Schaetzl

Re: [Fwd: [CentOS] fail2ban needs shorewall?]

Andylockran wrote on Wed, 23 Jul 2008 17:43:45 +0100: If you do have an issue with fail2ban, it does pretty much the same thing. fail2ban from rpmforge works fine. It's missing the filter for dovecot, though, and got wrong filters for many other services. Here are some that I just figured