From: Klaus L. <leh...@t-...> - 2010-06-22 14:02:08
hi there

regarding the renewal of my fail2ban installations on some servers, I want to build in some new features....

1. The 1st feature is built in very well:

dshield.conf
=========
(from Russell in GB)

2. I'm just now on

complain.conf
======================
It seems a very interesting feature.
The idea is (from Russell in GB):

# Sends a complaint e-mail to addresses listed in the whois record for
# an offending IP address.

Is there any colleague who has successfully built this in?
My problem is: I can't do so many tests, complain.conf !is! sending real emails!
And I don't want to have rubbish emails sent out from !my! system ;-) . It's so easy to get on a blacklist ;-(

Russell wrote in complain.conf:

# You should provide the <logpath> in the jail config - lines from the
# log matching the given IP address will be provided in the complaint
# as evidence.

how?
===
Maybe http://www.thanosk.net/content/securing-plesk-installation-using-fail2ban has a correct answer:

    [ssh-iptables]
    enabled = true
    filter = sshd
    action = iptables[name=SSH, port=ssh, protocol=tcp]
             sendmail-whois[name=SSH, dest=th...@th..., sender=fai...@ma...]
             complain[logpath=/var/log/secure]
    logpath = /var/log/secure
    maxretry = 3
    bantime = 43200

ok, I'll give it a try! ;-)

3. There was a typo in the last email (sorry):
http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal
For those of us who have problems, why not have a look at the page cited above?! ;-)

4. A small hint for someone like me, who has more than one server:
look deeply into dshield.local AND jail.local
Your email address in "sender=fail2ban@beate_uhse.com" must be different!!! if you have more than one server... ;-)

5. Who is CorvusCorax? Do you listen here????
Corvus has written some interesting things in:
http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal
"Bruteforce from Botnets (by CorvusCorax)"
Where is this perl script? ;-)

6. -> Gregg Lain has written a nice checking script:
see more on: http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal
Before I run this script, I must change 4-5x /usr/bin into /usr/local/bin (we have suse_linux).
This is my result:

    ----------- fail2ban setup check ------------------------------------------------------------
    fail2ban 0:off 1:off 2:off 3:on 4:off 5:on 6:off
    Checking for service Fail2ban running

no more!
-> Gregg: is it correct?
-> Gregg: what is "apg"? (I haven't found it in my linux (suse) distribution...)

7. -> buanzano -> psad
psad is the last affair on my list. I don't want to be used by programs like nmap...
----> arturo: where is psad? I will reconstruct it from the group mail: Sat, 01 May 2010 13:26:02 +0000
What has happened with psad?

Yours
klaus
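A dry run of the idea quoted above from complain.conf (recipients taken from the whois record, log lines matching the IP attached as evidence), as an added example that is not part of the original message and not fail2ban's own code: it builds the complaint and sends nothing. The function names, the "abuse" line heuristic, the subject line and the sample whois and log data are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage

ADDR_RE = re.compile(r"[A-Za-z0-9_.+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Constructed sample data (documentation address range and example domains).
SAMPLE_WHOIS = """\
inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-NET
abuse-mailbox:  abuse@example.net
e-mail:         noc@example.net
"""
SAMPLE_LOG = [
    "Jun 22 13:58:01 host sshd[4242]: Failed password for root from 192.0.2.1",
    "Jun 22 13:58:03 host sshd[4243]: Failed password for root from 192.0.2.10",
    "Jun 22 13:58:05 host sshd[4244]: Invalid user admin from 192.0.2.1",
]

def extract_abuse_addresses(whois_text):
    """Addresses on lines mentioning 'abuse'; if none, every address found."""
    preferred, others = [], []
    for line in whois_text.splitlines():
        bucket = preferred if "abuse" in line.lower() else others
        for addr in ADDR_RE.findall(line.lower()):
            if addr not in bucket:
                bucket.append(addr)
    return preferred or others

def matching_log_lines(log_lines, ip):
    """Lines naming exactly this IP (192.0.2.1 must not match 192.0.2.10)."""
    pat = re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?!\d)(?!\.\d)")
    return [line for line in log_lines if pat.search(line)]

def build_complaint(ip, whois_text, log_lines, sender):
    """Return the complaint as an EmailMessage, or None; nothing is sent."""
    recipients = extract_abuse_addresses(whois_text)
    evidence = matching_log_lines(log_lines, ip)
    if not recipients or not evidence:
        return None  # no one to write to, or nothing to show them
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = f"Abuse from {ip}"
    msg.set_content(f"Log lines for {ip}:\n\n" + "\n".join(evidence) + "\n")
    return msg

if __name__ == "__main__":
    print(build_complaint("192.0.2.1", SAMPLE_WHOIS, SAMPLE_LOG,
                          "fail2ban@example.org"))
```

Printing the message instead of handing it to a mailer lets the recipient list and the evidence lines be reviewed for each test IP before any real mail leaves the host.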