Hi Jason, You get me right, the package is there but I wasn't able to find the comprehensive man (guide) on how to make it work in zone. The provided link touching slightly different approach.
Thank you, Yours sincerely, Oleg Sumarokov Privileged - Private & Confidential On 27 April 2016 at 16:55, Jason Lawrence <[email protected]> wrote: > Latest pkgin releases provide fail2ban as a package, so that's easy. After > that you might need to make some tweaks to the config files. Looks like > this guide covers most of the details (ie, ipfilter paths and such): > http://virtuallyhyper.com/2013/04/installing-and-configuring-fail2ban-on-omnios/ > . > > If you want to send alerts via email, sendmail took a few adjustments if I > remember correctly. Pretty sure I remember just needing to remove the > "Date:" header out of the 'actionban' action in > /opt/local/etc/fail2ban/action.d/sendmail<your_choice>. > > If you're asking about something like coordinating zone/GZ firewalls, then > I've misunderstood your question. > > --jason > > > On Wed, Apr 27, 2016, at 03:00 AM, Oleg Sumarokov wrote: > > I am not switching to Russian because that information, potentially, will > help someone else not just me :) > > In my case no reverse proxies or balancers - I am getting all requests by > this particular Apache instance. (it sits in DMZ with all required > isolations but ...) > The question is - how to correctly configure fail2ban in smartos zone - > the man pages for fail2ban are generic - so I was looking for alternatives > and better (practical) knowledge in that space. > > Thank you! > > > Yours sincerely, > Oleg Sumarokov > > Privileged - Private & Confidential > > On 26 April 2016 at 22:46, Tiraen <[email protected]> wrote: > > Ok, let's on English. What I really *) Just saw the signature on the > letter. And I understood that will understand what I mean. > > The question is not that the bots are looking for. They are always looking > for the same thing. > 1) If your Web server requests go directly from clients, then yes, you can > have them blocked by the firewall (in this case ipfilter) > 2) But if the front is haproxy/nginx/etc as a balancer, or just the > reverse - the firewall can not do anything, because the network stack will > turn the proxy address and the address of the client - only log. In such > cases - lua > > > 2016-04-26 22:17 GMT+03:00 Oleg Sumarokov <[email protected]>: > > Thank you for the link, all bots are trying to find php or something > similar. > All requests are customer requests in apache log. > > Yours sincerely, > Oleg Sumarokov > > Privileged - Private & Confidential > > On 26 April 2016 at 21:34, Tiraen <[email protected]> wrote: > > > Если от клиентов напрямую, то > > http://virtuallyhyper.com/2013/04/installing-and-configuring-fail2ban-on-omnios/ > > вот это можно попробовать адаптировать, под нужды. > > Если через кого то в лог - то только lua. > > > 2016-04-26 21:27 GMT+03:00 Tiraen <[email protected]>: > > > These addresses where you comes? Directly from the customer or through a > proxy (revers) / cdn > > Эти адреса вам куда приходят? Напрямую от клиентов, или через реверс > прокси/cdn ? > > > > 2016-04-25 22:51 GMT+03:00 Oleg Sumarokov <[email protected]>: > > Colleagues, > > How to correctly configure fail2ban in apache(nginx) zone is there any > alternative solution? > > access log full of requests like: (real IPs replaced with 127.0.0.1) > > 127.0.0.1 - - [28/Mar/2016:12:51:43 +0300] "HEAD > http://127.0.0.1:80/db/db-admin/ HTTP/1.1" 404 - > 127.0.0.1 - - [28/Mar/2016:12:51:43 +0300] "HEAD > http://127.0.0.1:80/db/dbadmin/ HTTP/1.1" 404 - > 127.0.0.1 - - [28/Mar/2016:12:51:43 +0300] "HEAD > http://127.0.0.1:80/db/dbweb/ HTTP/1.1" 404 - > 127.0.0.1 - - [28/Mar/2016:12:51:43 +0300] "HEAD > http://127.0.0.1:80/db/myadmin/ HTTP/1.1" 404 - > > Thank you in advance, > > Yours sincerely, > Oleg Sumarokov > > Privileged - Private & Confidential > > > > > > -- > With best regards, > > Vyacheslav Yakushev, > > Unix system administrator > > > > > > -- > With best regards, > > Vyacheslav Yakushev, > > Unix system administrator > > > > > > > > -- > With best regards, > > Vyacheslav Yakushev, > > Unix system administrator > > > *smartos-discuss* | Archives > <https://www.listbox.com/member/archive/184463/=now> > <https://www.listbox.com/member/archive/rss/184463/24824159-36a67e62> | > Modify <https://www.listbox.com/member/?&;> Your Subscription > <http://www.listbox.com> > > > *smartos-discuss* | Archives > <https://www.listbox.com/member/archive/184463/=now> > <https://www.listbox.com/member/archive/rss/184463/26905665-f269039f> | > Modify > <https://www.listbox.com/member/?&;> > Your Subscription <http://www.listbox.com> > ------------------------------------------- smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00 Modify Your Subscription: https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb Powered by Listbox: http://www.listbox.com
