Latest pkgin releases provide fail2ban as a package, so that's easy. After that you might need to make some tweaks to the config files. Looks like this guide covers most of the details (i.e., ipfilter paths and such): http://virtuallyhyper.com/2013/04/installing-and-configuring-fail2ban-on-omnios/.

If you want to send alerts via email, sendmail took a few adjustments if I remember correctly. Pretty sure I remember just needing to remove the "Date:" header out of the 'actionban' action in /opt/local/etc/fail2ban/action.d/sendmail<your_choice>.

If you're asking about something like coordinating zone/GZ firewalls, then I've misunderstood your question.

--jason

On Wed, Apr 27, 2016, at 03:00 AM, Oleg Sumarokov wrote:
> I am not switching to Russian because that information, potentially,
> will help someone else not just me :)
>
> In my case no reverse proxies or balancers - I am getting all requests
> by this particular Apache instance. (it sits in DMZ with all required
> isolations but ...)
> The question is - how to correctly configure fail2ban in smartos zone
> - the man pages for fail2ban are generic - so I was looking for
> alternatives and better (practical) knowledge in that space.
>
> Thank you!
>
> Yours sincerely, Oleg Sumarokov
>
> Privileged - Private & Confidential
>
> On 26 April 2016 at 22:46, Tiraen <[email protected]> wrote:
>> Ok, let's use English. What I really *) Just saw the signature on the
>> letter. And I understood that will understand what I mean.
>>
>> The question is not that the bots are looking for. They are always
>> looking for the same thing.
>> 1) If your Web server requests go directly from clients, then yes,
>> you can have them blocked by the firewall (in this case ipfilter)
>> 2) But if the front is haproxy/nginx/etc as a balancer, or just the
>> reverse - the firewall can not do anything, because the network
>> stack will turn the proxy address and the address of the client -
>> only log.
>> In such cases - lua
>>
>> 2016-04-26 22:17 GMT+03:00 Oleg Sumarokov <[email protected]>:
>>> Thank you for the link, all bots are trying to find php or something
>>> similar.
>>> All requests are customer requests in apache log.
>>>
>>> Yours sincerely, Oleg Sumarokov
>>>
>>> Privileged - Private & Confidential
>>>
>>> On 26 April 2016 at 21:34, Tiraen <[email protected]> wrote:
>>>>
>>>> If directly from clients, then
>>>> http://virtuallyhyper.com/2013/04/installing-and-configuring-fail2ban-on-omnios/
>>>>
>>>> you could try adapting this to your needs.
>>>>
>>>> If they get into the log through someone else - then only lua.
>>>>
>>>> 2016-04-26 21:27 GMT+03:00 Tiraen <[email protected]>:
>>>>>
>>>>> Where do these addresses come to you from? Directly from the
>>>>> customer or through a (reverse) proxy / CDN?
>>>>>
>>>>> 2016-04-25 22:51 GMT+03:00 Oleg Sumarokov
>>>>> <[email protected]>:
>>>>>> Colleagues,
>>>>>>
>>>>>> How to correctly configure fail2ban in apache(nginx) zone? Is
>>>>>> there any alternative solution?
>>>>>>
>>>>>> access log full of requests like: (real IPs replaced with
>>>>>> 127.0.0.1)
>>>>>>
>>>>>> 127..0.1 - - [28/Mar/2016:12:51:43 +0300] "HEAD http://127.0.0.1:80/db/db-admin/ HTTP/1.1" 404 -
>>>>>> 127..0.1 - - [28/Mar/2016:12:51:43 +0300] "HEAD http://127.0.0.1:80/db/dbadmin/ HTTP/1.1" 404 -
>>>>>> 127..0.1 - - [28/Mar/2016:12:51:43 +0300] "HEAD http://127.0.0.1:80/db/dbweb/ HTTP/1.1" 404 -
>>>>>> 127..0.1 - - [28/Mar/2016:12:51:43 +0300] "HEAD http://127.0.0.1:80/db/myadmin/ HTTP/1.1" 404 -
>>>>>>
>>>>>> Thank you in advance,
>>>>>>
>>>>>> Yours sincerely, Oleg Sumarokov
>>>>>>
>>>>>> Privileged - Private & Confidential
>>>>>
>>>>> --
>>>>> With best regards,
>>>>>
>>>>> Vyacheslav Yakushev,
>>>>>
>>>>> Unix system administrator
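
Added example (not written by any of the posters, and not fail2ban's own code): a Python model of the counting a fail2ban jail performs on an access log like the one quoted above, flagging a client once it produces maxretry 404 responses inside findtime. The log lines, the documentation-range addresses and the threshold values are constructed for illustration; it covers the direct-client case, where the first log field is the address ipfilter would block.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common log format; the request target may be an absolute URL,
# as in the sample lines quoted in the thread.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ \S+ [^"]*" (?P<status>\d{3}) \S+'
)

def hosts_to_ban(lines, maxretry=3, findtime=timedelta(seconds=60)):
    """Hosts with at least maxretry 404s inside one findtime window."""
    recent = defaultdict(deque)  # host -> timestamps of its recent 404s
    banned = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("status") != "404":
            continue
        try:
            host = str(ipaddress.ip_address(m.group("host")))
        except ValueError:
            continue  # never hand an unparseable address to the firewall
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        window = recent[host]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()  # drop failures older than the window
        if len(window) >= maxretry and host not in banned:
            banned.append(host)
    return banned

# Constructed sample (documentation-range addresses), modelled on the thread's log.
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Mar/2016:12:51:43 +0300] "HEAD http://192.0.2.1:80/db/db-admin/ HTTP/1.1" 404 -',
    '192.0.2.10 - - [28/Mar/2016:12:51:43 +0300] "HEAD http://192.0.2.1:80/db/dbadmin/ HTTP/1.1" 404 -',
    '192.0.2.10 - - [28/Mar/2016:12:51:44 +0300] "HEAD http://192.0.2.1:80/db/dbweb/ HTTP/1.1" 404 -',
    '198.51.100.7 - - [28/Mar/2016:12:52:01 +0300] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [28/Mar/2016:12:52:02 +0300] "GET /favicon.ico HTTP/1.1" 404 209',
    '203.0.113.5 - - [28/Mar/2016:13:00:00 +0300] "GET /a HTTP/1.1" 404 209',
    '203.0.113.5 - - [28/Mar/2016:13:05:00 +0300] "GET /b HTTP/1.1" 404 209',
    '203.0.113.5 - - [28/Mar/2016:13:10:00 +0300] "GET /c HTTP/1.1" 404 209',
    '127..0.1 - - [28/Mar/2016:13:11:00 +0300] "HEAD /db/myadmin/ HTTP/1.1" 404 -',
]

if __name__ == "__main__":
    for host in hosts_to_ban(SAMPLE_LOG):
        print("would ban", host)
```

A single stray 404 (the favicon request) and slow, spread-out misses stay under the threshold, which is why findtime and maxretry need tuning against a site's normal traffic before a jail is enabled.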
