Re: [Fail2ban-users] ftp on Solaris 10

[Eckert, Doug]

Thanks for all the replies.

This is an inherited box that we need to keep status-quo for now. I'd just
like to eliminate the obvious external alphabetic/dictionary logon attempts.

It's got Python 2.4.4, so I dropped down to F2B v0.8.11 and created my own
filter file (/etc/fail2ban/filter.d/solaris-ftp.conf), which contains

failregex = ^.*ftpd\[.*\sACCESS DENIED\s.*\[<HOST>\]$
            ^.*ftpd\[.*\sFTP LOGIN REFUSED\s.*\[<HOST>\],\s.*$

'fail2ban-regex' picks up the appropriate log entries. I guess the next
step is to come up with an action.d/solaris-ipf.conf. Looks like the
existing 'ipfilter.conf' maybe a good place to start. Path and command
syntax may be the only changes needed.

--Doug






On Mon, Feb 1, 2016 at 10:04 PM, Gary R. Schmidt <grschm...@acm.org> wrote:

> > Has anyone got Fail2Ban (0.9.3) working for FTP on Solaris 10?
> >
> > I believe the 'default' ftp was made to look like wu-ftpd, but it
> > runs as an (inet) service, not a daemon. I see a wuftpd.conf file in
> > filter.d - perhaps one could be built using that as a template?
> >
> > I'm thinking myself in circles...pretty sure it's easier than I'm
> > making it out to be.
>
> The in.ftpd on Solaris is managed by svcadm et al, and yes, it was based
> on an ancient version of WU-FTPD.
>
> If I was exposing an FTP server to the world, I would remove that one
> and install proftpd from OpenCSW, or license ncftpd, or just about
> anything else.
>
>         Cheers,
>                 Gary    B-)
>
>
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
> _______________________________________________
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>



--

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users