Re: [Astlinux-users] Banned Hosts

2018-08-11 Thread Michael Keuter


> On 11.08.2018 at 21:33, Lonnie Abelbeck wrote:
> 
> Cody,
> 
> The Status tab -> Adaptive Ban Plugin Status: only shows banned hosts by the 
> adaptive-ban plugin using the current /var/log/messages file.
> 
> Lonnie

BTW: The "messages" file gets rotated (by file size) over time, even if you set 
"PERSISTLOG=yes".

>> On Aug 11, 2018, at 2:26 PM, Cody Alderson  wrote:
>> 
>> Michael Keuter,
>> 
>> Thank you. Yes, it is the entry in user.conf that I placed. I remember that 
>> now. I checked, and it is still present. Does the status screen for banned 
>> hosts list all the banned hosts in the log or just a few of them? Just 
>> curious. Thank you for the info on permanently blocking IP addresses.
>> 
>> Cody
>> 
>> On Sat, Aug 11, 2018 at 12:20 PM, Michael Keuter  
>> wrote:
>> 
>> Hi Cody,
>> 
>> the "Banned Hosts list" from the Adaptive Ban Plugin is generated from the 
>> entries in the "/var/log/messages" file (like Fail2Ban works too).
>> Usually the log file is deleted on reboot, unless you have manually set 
>> "PERSISTLOG=yes" in your "user.conf".
>> 
>> But depending on how your firewall is configured, you can permanently block 
>> IP-addresses either in 
>> "/mnt/kd/blocked-hosts" or if you use *.netset blocking-list files in 
>> "/mnt/kd/blocklists/blocked-hosts.netset"
>> 
>> https://doc.astlinux.org/userdoc:tt_firewall_external_block_list
>> 
>> Michael

Michael

http://www.mksolutions.info




--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.


Re: [Astlinux-users] Banned Hosts

2018-08-11 Thread Lonnie Abelbeck
Cody,

The Status tab -> Adaptive Ban Plugin Status: only shows banned hosts by the 
adaptive-ban plugin using the current /var/log/messages file.

Lonnie


> On Aug 11, 2018, at 2:26 PM, Cody Alderson  wrote:
> 
> Michael Keuter,
> 
> Thank you. Yes, it is the entry in user.conf that I placed. I remember that 
> now. I checked, and it is still present. Does the status screen for banned 
> hosts list all the banned hosts in the log or just a few of them? Just 
> curious. Thank you for the info on permanently blocking IP addresses.
> 
> Cody
> 
> 
> 
> On Sat, Aug 11, 2018 at 12:20 PM, Michael Keuter  
> wrote:
> 
> 
> Hi Cody,
> 
> the "Banned Hosts list" from the Adaptive Ban Plugin is generated from the 
> entries in the "/var/log/messages" file (like Fail2Ban works too).
> Usually the log file is deleted on reboot, unless you have manually set 
> "PERSISTLOG=yes" in your "user.conf".
> 
> But depending on how your firewall is configured, you can permanently block 
> IP-addresses either in 
> "/mnt/kd/blocked-hosts" or if you use *.netset blocking-list files in 
> "/mnt/kd/blocklists/blocked-hosts.netset"
> 
> https://doc.astlinux.org/userdoc:tt_firewall_external_block_list
> 
> Michael
> 
> http://www.mksolutions.info
> 
> 
> 
> 


Re: [Astlinux-users] Banned Hosts

2018-08-11 Thread Cody Alderson
Michael Keuter,

Thank you. Yes, it is the entry in user.conf that I placed. I remember that
now. I checked, and it is still present. Does the status screen for banned
hosts list all the banned hosts in the log or just a few of them? Just
curious. Thank you for the info on permanently blocking IP addresses.

Cody



On Sat, Aug 11, 2018 at 12:20 PM, Michael Keuter 
wrote:

>
>
> Hi Cody,
>
> the "Banned Hosts list" from the Adaptive Ban Plugin is generated from the
> entries in the "/var/log/messages" file (like Fail2Ban works too).
> Usually the log file is deleted on reboot, unless you have manually set
> "PERSISTLOG=yes" in your "user.conf".
>
> But depending on how your firewall is configured, you can permanently
> block IP-addresses either in
> "/mnt/kd/blocked-hosts" or if you use *.netset blocking-list files in
> "/mnt/kd/blocklists/blocked-hosts.netset"
>
> https://doc.astlinux.org/userdoc:tt_firewall_external_block_list
>
> Michael
>
> http://www.mksolutions.info
>
>
>
>

Re: [Astlinux-users] Banned Hosts

2018-08-11 Thread Lonnie Abelbeck


> On Aug 11, 2018, at 11:20 AM, Michael Keuter  wrote:
> 
> 
>> On 11.08.2018 at 18:10, Cody Alderson wrote:
>> 
>> Hi,
>> 
>> I made changes based on recommendations here to have the banned hosts 
>> persist after a reboot. On the status screen there was a long list of banned 
>> hosts under the "Adaptive Ban Plugin Status" section. I recently rebooted, 
>> and I noticed the list has far fewer IP addresses than it used to. Note that 
>> I also upgraded Astlinux to the most recent stable version.
>> 
>> My question is, did upgrading make the change I put in place to keep the 
>> banned hosts after a reboot back to some default I do not know about? 
>> Another issue is that I did not write down the change I made to have the 
>> banned hosts persist after a reboot, so I can't even check it.
>> 
>> So, would someone please advise me as to what I likely changed to have 
>> banned hosts persist after a reboot? Also, does upgrading Astlinux switch 
>> any user changes to default software configurations back to defaults?
>> 
>> Thank you,
>> 
>> Cody
> 
> Hi Cody,
> 
> the "Banned Hosts list" from the Adaptive Ban Plugin is generated from the 
> entries in the "/var/log/messages" file (like Fail2Ban works too).
> Usually the log file is deleted on reboot, unless you have manually set 
> "PERSISTLOG=yes" in your "user.conf".
> 
> But depending on how your firewall is configured, you can permanently block 
> IP-addresses either in 
> "/mnt/kd/blocked-hosts" or if you use *.netset blocking-list files in 
> "/mnt/kd/blocklists/blocked-hosts.netset"
> 
> https://doc.astlinux.org/userdoc:tt_firewall_external_block_list
> 
> Michael

+1 Michael

Cody, if you are getting a lot of banned IPs from the adaptive-ban plugin, it 
may be a good time to re-think what is exposed to the public internet.

1) If you don't have SIP clients accessing remotely, then there is no need to 
allow UDP 5060 from the public.

2) If you must allow public SIP clients, look at the dyndns-host-open plugin to 
restrict access or the sip-user-agent plugin with SIP_USER_AGENT_PASS_TYPES 
defined.

3) Consider using a VPN for clients to access remotely.

Overlapping layers of security to tighten public access is good practice.

Lonnie




Re: [Astlinux-users] Banned Hosts

2018-08-11 Thread Michael Keuter


> On 11.08.2018 at 18:10, Cody Alderson wrote:
> 
> Hi,
> 
> I made changes based on recommendations here to have the banned hosts persist 
> after a reboot. On the status screen there was a long list of banned hosts 
> under the "Adaptive Ban Plugin Status" section. I recently rebooted, and I 
> noticed the list has far fewer IP addresses than it used to. Note that I also 
> upgraded Astlinux to the most recent stable version.
> 
> My question is, did upgrading make the change I put in place to keep the 
> banned hosts after a reboot back to some default I do not know about? Another 
> issue is that I did not write down the change I made to have the banned hosts 
> persist after a reboot, so I can't even check it.
> 
> So, would someone please advise me as to what I likely changed to have banned 
> hosts persist after a reboot? Also, does upgrading Astlinux switch any user 
> changes to default software configurations back to defaults?
> 
> Thank you,
> 
> Cody

Hi Cody,

the "Banned Hosts list" from the Adaptive Ban Plugin is generated from the 
entries in the "/var/log/messages" file (like Fail2Ban works too).
Usually the log file is deleted on reboot, unless you have manually set 
"PERSISTLOG=yes" in your "user.conf".

But depending on how your firewall is configured, you can permanently block 
IP-addresses either in 
"/mnt/kd/blocked-hosts" or if you use *.netset blocking-list files in 
"/mnt/kd/blocklists/blocked-hosts.netset"

https://doc.astlinux.org/userdoc:tt_firewall_external_block_list

Michael

http://www.mksolutions.info
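
Added example, not part of Michael's message and not AstLinux code: because the ban list is rebuilt from /var/log/messages, which is rotated by size or lost on reboot, this script copies banned addresses from the log into a persistent block-list file of the kind named above. The log tag, the log line layout and the function names are assumptions, and the sample log is constructed.

```shell
#!/bin/sh
# Added example, not AstLinux code. Copies adaptive-ban hits out of the
# rotating syslog file into a persistent block list.
# ASSUMPTION: ban lines carry the tag below and one IPv4 address; check
# your own /var/log/messages and adjust BAN_TAG before using this.
BAN_TAG='adaptive-ban'

# Unique, well-formed IPv4 addresses that appear on ban lines of file $1.
extract_banned() {
  grep -F "$BAN_TAG" "$1" 2>/dev/null |
    grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' |
    awk -F. '$1<=255 && $2<=255 && $3<=255 && $4<=255' | sort -u
}

# Log content is partly attacker-influenced, so never promote loopback,
# link-local or RFC 1918 addresses into a permanent block.
is_protected() {
  case "$1" in
    10.*|127.*|169.254.*|192.168.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
  esac
  return 1
}

# Append addresses from log $1 that are not yet in list $2; print the count.
merge_blocklist() {
  [ -f "$2" ] || : > "$2"
  added=0
  for ip in $(extract_banned "$1"); do
    is_protected "$ip" && continue
    grep -qxF "$ip" "$2" && continue
    echo "$ip" >> "$2"
    added=$((added + 1))
  done
  echo "$added"
}

# Constructed sample log (documentation address ranges), written to a temp dir.
demo_dir=$(mktemp -d)
cat > "$demo_dir/messages" <<'EOF'
Aug 11 12:00:01 pbx user.info adaptive-ban: Banned host 203.0.113.7
Aug 11 12:00:09 pbx user.info adaptive-ban: Banned host 198.51.100.23
Aug 11 12:01:30 pbx user.info adaptive-ban: Banned host 203.0.113.7
Aug 11 12:02:00 pbx user.info adaptive-ban: Banned host 192.168.1.10
Aug 11 12:02:05 pbx daemon.info dnsmasq: query from 198.51.100.99
EOF
merge_blocklist "$demo_dir/messages" "$demo_dir/blocked-hosts.netset"
```

On a real system the two arguments would be /var/log/messages and one of the block-list paths named in the message above. Whether the firewall needs a reload to pick up the new entries is not covered in this thread.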






[Astlinux-users] Banned Hosts

2018-08-11 Thread Cody Alderson
Hi,

I made changes based on recommendations here to have the banned hosts
persist after a reboot. On the status screen there was a long list of
banned hosts under the "Adaptive Ban Plugin Status" section. I recently
rebooted, and I noticed the list has far fewer IP addresses than it used
to. Note that I also upgraded Astlinux to the most recent stable version.

My question is, did upgrading make the change I put in place to keep the
banned hosts after a reboot back to some default I do not know about?
Another issue is that I did not write down the change I made to have the
banned hosts persist after a reboot, so I can't even check it.

So, would someone please advise me as to what I likely changed to have
banned hosts persist after a reboot? Also, does upgrading Astlinux switch
any user changes to default software configurations back to defaults?

Thank you,

Cody