From: Palvelin P. <pos...@pa...> - 2018-03-31 14:19:34

Are the various multiplier settings documented somewhere? Examples would be very welcome too. Isn’t that what this list is for? :)

> On 30 Mar 2018, at 14:46, Tony Collins <to...@ev...> wrote:
>
> Hi!
>
> It's really configurable: there's a basic on/off setting, but you can also tell it how much to increase by each time, and you can set either simple or aggressive formulae.
>
> This is one of the settings for the multiplier:
>
> bantime.multipliers = 1 2 16 90 182 365 1000 2000
>
> That shows how aggressively it will increase the bantime. In the example above, my bantime of 86400 (1 day) will ban a persistent offender for 1 day, 2 days, 16 days etc. You can configure it in a really granular way if you manipulate the ban time with the multiplier.
>
> In terms of purging, yes I'm talking about dbpurgeage. Until 0.10 or 0.11 that setting didn't actually do anything. No function was ever written to purge the DB.
>
> Now it works; it does purge after dbpurgeage. So I set my purge age to 2 years, so that it remembers long-time bans. But that's because my multiplier eventually bans bad IPs for a year or more.
>
> The purge age amount depends on what sort of ban times you set.
>
> If you want to discuss more specific examples, I can show you how I'm using it.
>
> It's honestly improved f2b by ten times for me - the recidive jail never quite worked for me because it was not very configurable, but now we have an ability to generate longer and longer ban times, so Fail2Ban really feels even more useful.
>
> Tony
>
> On Fri, 30 Mar 2018 at 11:31, Palvelin Postmaster via Fail2ban-users <fai...@li...> wrote:
>
> > > On 15 Mar 2018, at 12:00, Tony Collins <to...@ev...> wrote:
> > >
> > > One other thing: the 0.11.x version of f2b has a ban time "multiplier", which is just fantastic - if the same IP keeps getting banned, f2b automatically increases the ban time. To do that you need a long 'purgeage' setting (so it can remember that an IP was banned a few months ago), and again once you use f2b to manage your blocks, it can just take care of everything - you never need to use iptables commands for unblocking, because f2b 0.11.x manages ban times so much more effectively and logically. F2b has always managed bans and unbans pretty well, but there's been some really excellent polish applied to recent versions.
> >
> > Is the ’multiplier’ applied automatically or is there a setting?
> >
> > I presume by ’purgeable’ you refer to the dbpurgeage setting. Where should one ideally set it in regards to the new automatically increasing ban time?
>
> --
> -- Tony Collins
From: Tony C. <to...@ev...> - 2018-03-30 12:10:48

Hi!

It's really configurable: there's a basic on/off setting, but you can also tell it how much to increase by each time, and you can set either simple or aggressive formulae.

This is one of the settings for the multiplier:

bantime.multipliers = 1 2 16 90 182 365 1000 2000

That shows how aggressively it will increase the bantime. In the example above, my bantime of 86400 (1 day) will ban a persistent offender for 1 day, 2 days, 16 days etc. You can configure it in a really granular way if you manipulate the ban time with the multiplier.

In terms of purging, yes I'm talking about dbpurgeage. Until 0.10 or 0.11 that setting didn't actually do anything. No function was ever written to purge the DB.

Now it works; it does purge after dbpurgeage. So I set my purge age to 2 years, so that it remembers long-time bans. But that's because my multiplier eventually bans bad IPs for a year or more.

The purge age amount depends on what sort of ban times you set.

If you want to discuss more specific examples, I can show you how I'm using it.

It's honestly improved f2b by ten times for me - the recidive jail never quite worked for me because it was not very configurable, but now we have an ability to generate longer and longer ban times, so Fail2Ban really feels even more useful.

Tony

On Fri, 30 Mar 2018 at 11:31, Palvelin Postmaster via Fail2ban-users <fai...@li...> wrote:

> > On 15 Mar 2018, at 12:00, Tony Collins <to...@ev...> wrote:
> >
> > One other thing: the 0.11.x version of f2b has a ban time "multiplier", which is just fantastic - if the same IP keeps getting banned, f2b automatically increases the ban time. To do that you need a long 'purgeage' setting (so it can remember that an IP was banned a few months ago), and again once you use f2b to manage your blocks, it can just take care of everything - you never need to use iptables commands for unblocking, because f2b 0.11.x manages ban times so much more effectively and logically. F2b has always managed bans and unbans pretty well, but there's been some really excellent polish applied to recent versions.
>
> Is the ’multiplier’ applied automatically or is there a setting?
>
> I presume by ’purgeable’ you refer to the dbpurgeage setting. Where should one ideally set it in regards to the new automatically increasing ban time?

--
-- Tony Collins
From: Palvelin P. <pos...@pa...> - 2018-03-30 10:30:46

> On 15 Mar 2018, at 12:00, Tony Collins <to...@ev...> wrote:
>
> One other thing: the 0.11.x version of f2b has a ban time "multiplier", which is just fantastic - if the same IP keeps getting banned, f2b automatically increases the ban time. To do that you need a long 'purgeage' setting (so it can remember that an IP was banned a few months ago), and again once you use f2b to manage your blocks, it can just take care of everything - you never need to use iptables commands for unblocking, because f2b 0.11.x manages ban times so much more effectively and logically. F2b has always managed bans and unbans pretty well, but there's been some really excellent polish applied to recent versions.

Is the ’multiplier’ applied automatically or is there a setting?

I presume by ’purgeable’ you refer to the dbpurgeage setting. Where should one ideally set it in regards to the new automatically increasing ban time?
From: Palvelin P. <pos...@pa...> - 2018-03-30 09:56:41

I thought I’d share my experiences with setting up fail2ban on macOS High Sierra.

Some of you may know Apple has, for a large part, transitioned from cleartext logging to unified binary logging (https://developer.apple.com/documentation/os/logging). That means many key system daemons such as sshd log very little, if anything, to good ole’ system.log anymore. External tools like fail2ban can’t read the binary format directly, so some ”middleware” is needed. Fortunately the system has a log command which can be used to read the binary logs and even stream events to a cleartext log file.

I created the following command which I run as a script under daemondo. It creates a separate log file for sshd events which I monitor with fail2ban to get relevant sshd log entries.

sudo log stream --predicate '(process == "sshd")' --style syslog --level info --type=log >> /var/log/logstreams/sshd.log

I would like to also log and monitor smbd logins but so far haven’t found a way to do that. Streaming the smbd process logs doesn’t appear to log logins.
From: Tom H. <to...@wh...> - 2018-03-30 09:08:02

On 30-03-18 09:54, Tom Hendrikx wrote:
>
>
> On 29-03-18 20:54, Ben Coleman wrote:
>> On 3/29/2018 5:35 AM, Jaydeep Zala wrote:
>>> Hello guys,
>>> How can I whitelist my IP's dynamically, means from SQL query..?
>>> anyone have an idea about this?
>>
>> I think you'd have to generate a local .conf file (perhaps in jail.d)
>> that contains an ignore-id setting with all of the IP's you'd like to
>> whitelist, then have fail2ban reload. I've taken a similar approach to
>> configuring the addresses that nagios-nrpe will accept queries from (in
>> my case, the nagios server was sitting behind a dynamic home connection).
>>
>
> The problem here might be that every time your whitelist changes, you
> have to reload fail2ban to get the new entries into fail2ban.
>

Replying to myself here, but you could probably work around this by creating an ignorecommand that queries your database directly. I couldn't find a lot of documentation on that feature, but there's one implementation available at https://github.com/fail2ban/fail2ban/tree/0.11/config/filter.d/ignorecommands

Kind regards,
Tom
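
An added example of the ignorecommand approach discussed in this thread (not code from any poster or from the fail2ban project): a helper that fail2ban can call with the offending address and that exits 0 when the address is whitelisted. It assumes SQLite as an offline stand-in for the MySQL database, reuses the `fail2ban_whitelist` table and `fw_ip` column named in the thread, and goes one step further by accepting CIDR rows as well as single addresses; the script path and database path are hypothetical.

```python
#!/usr/bin/env python3
"""ignorecommand helper: exit status 0 means "do not ban this address".

Hypothetical jail setting that would call it:
    ignorecommand = /usr/local/bin/f2b_whitelist.py <ip>
"""
import ipaddress
import sqlite3
import sys

DB_PATH = "/etc/fail2ban/whitelist.sqlite3"  # hypothetical location


def is_whitelisted(conn, ip_text):
    """Return True if ip_text falls inside any row of fail2ban_whitelist."""
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return False  # not a valid address: never whitelist it
    # No user input is placed in the SQL text; matching is done in Python.
    for (entry,) in conn.execute("SELECT fw_ip FROM fail2ban_whitelist"):
        try:
            net = ipaddress.ip_network(entry.strip(), strict=False)
        except ValueError:
            continue  # skip malformed rows instead of trusting them
        if ip.version == net.version and ip in net:
            return True
    return False


def make_demo_db():
    """Build an in-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE fail2ban_whitelist (fw_ip TEXT)")
    rows = [("203.0.113.7",), ("198.51.100.0/24",), ("not-an-ip",)]
    conn.executemany("INSERT INTO fail2ban_whitelist VALUES (?)", rows)
    return conn


def main(argv):
    if len(argv) != 2:
        return 2
    try:
        # Read-only open: the helper never needs to modify the whitelist.
        conn = sqlite3.connect("file:%s?mode=ro" % DB_PATH, uri=True)
        return 0 if is_whitelisted(conn, argv[1]) else 1
    except sqlite3.Error:
        return 1  # fail closed: if the lookup breaks, bans still apply


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Because the lookup happens at ban time, a change to the table takes effect without reloading fail2ban, which is the problem raised earlier in the thread.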
From: Tom H. <to...@wh...> - 2018-03-30 08:10:51

On 29-03-18 20:54, Ben Coleman wrote:
> On 3/29/2018 5:35 AM, Jaydeep Zala wrote:
>> Hello guys,
>> How can I whitelist my IP's dynamically, means from SQL query..?
>> anyone have an idea about this?
>
> I think you'd have to generate a local .conf file (perhaps in jail.d)
> that contains an ignore-id setting with all of the IP's you'd like to
> whitelist, then have fail2ban reload. I've taken a similar approach to
> configuring the addresses that nagios-nrpe will accept queries from (in
> my case, the nagios server was sitting behind a dynamic home connection).
>

The problem here might be that every time your whitelist changes, you have to reload fail2ban to get the new entries into fail2ban.

Kind regards,
Tom
From: chaouche y. <yac...@ya...> - 2018-03-29 22:18:10

In that case you can use sed -i.bak to replace the global ignoreip in jail.local with all the desired IP addresses, something along the lines of:

# Build the list in the current shell (not a subshell) so $IPs is still set when sed runs
IPs=""; while read -r IP; do IPs="$IPs $IP"; done < /etc/fail2ban/whitelist.txt
# Allow optional spaces around "=" in the existing ignoreip line
sed -i.bak "s/^ignoreip[[:space:]]*=.*/ignoreip =$IPs/" /etc/fail2ban/jail.local

(untested)

Yassine.

On Thursday, March 29, 2018, 1:59:52 PM GMT+2, Jaydeep Zala <jay...@ec...> wrote:

Hello Yassine,

The above script does not work for my scenario. While searching Google I found that it may work with the use of a customized action. I created /etc/fail2ban/action.d/ssh_ignore.conf, which looks like this:

-------------------------------------
[Definition]
actionstart =
actionstop =
actioncheck = /etc/fail2ban/test.txt = <ip>
actionban = fail2ban-client set sshd addignoreip <ip>
actionunban = fail2ban-client set sshd delignoreip <ip>

[Init]
name = default
chain = INPUT
--------------------------------------

but the actioncheck condition unbans all IPs. I want to whitelist only the IPs which are mentioned in my test.txt file. Did you find any clue which may allow only the IPs mentioned in the test.txt file? Now I have to create a scenario or condition which fulfills my requirement. Can you please suggest some condition for actioncheck?

thanks & regards,
Jaydeep

--
Thanks & Regards
Jaydeep Zala
Ecosmob Technologies Pvt. Ltd.
https://www.ecosmob.com

On Thu, Mar 29, 2018 at 5:00 PM, chaouche yacine <yac...@ya...> wrote:

There's a fail2ban-client set unbanip <IP> command but you also need to provide the JAIL in which it was banned, so it gets a little complicated, so for each IP you should issue this command for all the jails you have. For example :

root@messagerie[10.10.10.19] ~ # fail2ban-client set ssh unbanip 49.80.42.240
ERROR NOK: ('IP 49.80.42.240 is not banned',)
IP 49.80.42.240 is not banned
root@messagerie[10.10.10.19] ~ #
root@messagerie[10.10.10.19] ~ # fail2ban-client set postfix-sasl unbanip 49.80.42.240
49.80.42.240
root@messagerie[10.10.10.19] ~ #

The IP was banned in postfix-sasl but not in ssh. You can probably go from there :

(while read IP; do
  # (...) stands for the rest of your jails
  for jail in ssh postfix-sasl dovecot roundcube-auth; do
    fail2ban-client set "$jail" unbanip "$IP"
  done
done) < /etc/fail2ban/test.txt

I haven't tested it but you get the idea.

Yassine.

On Thursday, March 29, 2018, 12:15:14 PM GMT+1, Jaydeep Zala <jay...@ec...> wrote:

Hello Yassine,

I created a MySQL query:

mysql -uuser -ppassword -Ddatabase -s -N -e 'SELECT GROUP_CONCAT(fw_ip) FROM (fail2ban_whitelist);' > /etc/fail2ban/test.txt

This query is in crontab, thus it will keep updating the test.txt file. In test.txt I have a list of my IPs which comes from my database, and I have to whitelist all the IPs which are in my database. I tried lots of stuff but I didn't succeed in whitelisting my IPs. Can you please guide me on how I can do this, or any alternative to this?

thanks & regards,
Jaydeep

--
Thanks & Regards
Jaydeep Zala
Ecosmob Technologies Pvt. Ltd.
https://www.ecosmob.com

On Thu, Mar 29, 2018 at 4:32 PM, chaouche yacine via Fail2ban-users <fail2ban-users@lists.sourceforge.net> wrote:

Hello Jaydeep,

I was wondering what you mean by dynamically ? can you give a scenario or use case ?

Yassine

On Thursday, March 29, 2018, 11:01:49 AM GMT+1, Jaydeep Zala <jay...@ec...> wrote:

Hello guys,
How can I whitelist my IP's dynamically, means from SQL query..?
anyone have an idea about this?

--
Thanks & Regards
Jaydeep Zala
From: Ramses <ram...@gm...> - 2018-03-29 21:49:41

On 29 March 2018 22:25:44 CEST, Yehuda Katz <ye...@ym...> wrote:
>Are you sure you sent to the correct mailing list?
>
>Sent from a device with a very small keyboard and hyperactive
>autocorrect.
>
>On Thu, Mar 29, 2018, 3:32 PM Ramses <ram...@gm...> wrote:
>
>> Hi everyone,
>>
>> I have installed Tinc-VPN v1.0.19-3 that is the last version that there
>> is in Raspbian 7, installed with the apt-get command.
>>
>> I would like to know what will be the best way to migrate this version to
>> Tinc-VPN v1.1
>>
>>
>> Regards,
>>
>> Ramses

Sorry, I have made a mistake. I wanted to send the message to another users list.

Regards,

Ramses
From: Yehuda K. <ye...@ym...> - 2018-03-29 20:48:06

Are you sure you sent to the correct mailing list?

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Thu, Mar 29, 2018, 3:32 PM Ramses <ram...@gm...> wrote:

> Hi everyone,
>
> I have installed Tinc-VPN v1.0.19-3 that is the last version that there
> is in Raspbian 7, installed with the apt-get command.
>
> I would like to know what will be the best way to migrate this version to
> Tinc-VPN v1.1
>
>
> Regards,
>
> Ramses
From: Ramses <ram...@gm...> - 2018-03-29 19:33:08

Hi everyone,

I need to know if there is any command that shows the hosts connected, networks, etc. in Tinc-VPN v1.0, as there is in Tinc-VPN v1.1.

Regards,

Ramses
From: Ramses <ram...@gm...> - 2018-03-29 19:31:30

Hi everyone,

I have installed Tinc-VPN v1.0.19-3 that is the last version that there is in Raspbian 7, installed with the apt-get command.

I would like to know what will be the best way to migrate this version to Tinc-VPN v1.1

Regards,

Ramses
From: Ben C. <ol...@be...> - 2018-03-29 19:11:01

On 3/29/2018 5:35 AM, Jaydeep Zala wrote:
> Hello guys,
> How can I whitelist my IP's dynamically, means from SQL query..?
> anyone have an idea about this?

I think you'd have to generate a local .conf file (perhaps in jail.d) that contains an ignore-id setting with all of the IP's you'd like to whitelist, then have fail2ban reload. I've taken a similar approach to configuring the addresses that nagios-nrpe will accept queries from (in my case, the nagios server was sitting behind a dynamic home connection).

Ben
--
Ben Coleman ol...@be...        | For the wise man, doing right trumps
http://oloryn.benshome.net/    | looking right. For the fool, looking
Amateur Radio NJ8J             | right trumps doing right.
From: chaouche y. <yac...@ya...> - 2018-03-29 11:30:53

There's a fail2ban-client set unbanip <IP> command but you also need to provide the JAIL in which it was banned, so it gets a little complicated, so for each IP you should issue this command for all the jails you have. For example :

root@messagerie[10.10.10.19] ~ # fail2ban-client set ssh unbanip 49.80.42.240
ERROR NOK: ('IP 49.80.42.240 is not banned',)
IP 49.80.42.240 is not banned
root@messagerie[10.10.10.19] ~ #
root@messagerie[10.10.10.19] ~ # fail2ban-client set postfix-sasl unbanip 49.80.42.240
49.80.42.240
root@messagerie[10.10.10.19] ~ #

The IP was banned in postfix-sasl but not in ssh. You can probably go from there :

(while read IP; do
  # (...) stands for the rest of your jails
  for jail in ssh postfix-sasl dovecot roundcube-auth; do
    fail2ban-client set "$jail" unbanip "$IP"
  done
done) < /etc/fail2ban/test.txt

I haven't tested it but you get the idea.

Yassine.

On Thursday, March 29, 2018, 12:15:14 PM GMT+1, Jaydeep Zala <jay...@ec...> wrote:

Hello Yassine,

I created a MySQL query:

mysql -uuser -ppassword -Ddatabase -s -N -e 'SELECT GROUP_CONCAT(fw_ip) FROM (fail2ban_whitelist);' > /etc/fail2ban/test.txt

This query is in crontab, thus it will keep updating the test.txt file. In test.txt I have a list of my IPs which comes from my database, and I have to whitelist all the IPs which are in my database. I tried lots of stuff but I didn't succeed in whitelisting my IPs. Can you please guide me on how I can do this, or any alternative to this?

thanks & regards,
Jaydeep

--
Thanks & Regards
Jaydeep Zala
Ecosmob Technologies Pvt. Ltd.
https://www.ecosmob.com

On Thu, Mar 29, 2018 at 4:32 PM, chaouche yacine via Fail2ban-users <fai...@li...> wrote:

Hello Jaydeep,

I was wondering what you mean by dynamically ? can you give a scenario or use case ?

Yassine

On Thursday, March 29, 2018, 11:01:49 AM GMT+1, Jaydeep Zala <jay...@ec...> wrote:

Hello guys,
How can I whitelist my IP's dynamically, means from SQL query..?
anyone have an idea about this?

--
Thanks & Regards
Jaydeep Zala
From: chaouche y. <yac...@ya...> - 2018-03-29 11:02:24

Hello Jaydeep,

I was wondering what you mean by dynamically ? can you give a scenario or use case ?

Yassine

On Thursday, March 29, 2018, 11:01:49 AM GMT+1, Jaydeep Zala <jay...@ec...> wrote:

Hello guys,
How can I whitelist my IP's dynamically, means from SQL query..?
anyone have an idea about this?

--
Thanks & Regards
Jaydeep Zala
From: Jaydeep Z. <jay...@ec...> - 2018-03-29 10:00:57

Hello guys,
How can I whitelist my IP's dynamically, means from SQL query..?
anyone have an idea about this?

--
Thanks & Regards
Jaydeep Zala
From: <tk...@it...> - 2018-03-28 21:52:52

Hi all,

win2ban is a Fail2ban implementation for Windows systems. It is a packaging of Fail2ban, Python, Cygwin, Winlogbeat and many other related tools to make it a complete and ready-to-use solution for brute-force attack protection.

Win2ban installs fail2ban and optional winlogbeat as Windows services. The file jail.local is configured with a proper set of default parameters for Windows usage. The file windows-firewall.local in the action.d directory contains ban/unban commands for the Windows firewall. A shell environment can be initiated by running twin2ban-shell.cmd located at the root of the installation directory.

If you have selected to install winlogbeat as well, it can be configured via winlogbeat/win2ban.yml. By default it is configured to output event log entries last 72 hours from application, system and security eventlogs, to the logfile winlogbeatlogseventlog for further processing by Fail2ban.

Check https://itefix.net/win2ban for more information.

Kind regards
Tev
From: chaouche y. <yac...@ya...> - 2018-03-27 17:15:26

I have slightly changed the regex, removing only the first character (^). It went from :

^\\s*(\\[(\\s[+-][0-9]{4})?\\])?(\\S+ roundcube: IMAP Error)?: (FAILED login|Login failed) for .*? from <HOST>(\\. .* in .*?/rcube_imap\\.php on line \\d+ \\(\\S+ \\S+\\))?$

to

\\s*(\\[(\\s[+-][0-9]{4})?\\])?(\\S+ roundcube: IMAP Error)?: (FAILED login|Login failed) for .*? from <HOST>(\\. .* in .*?/rcube_imap\\.php on line \\d+ \\(\\S+ \\S+\\))?$

Now it matches correctly.

Yassine.

On Tuesday, March 27, 2018, 5:47:45 PM GMT+1, chaouche yacine via Fail2ban-users <fai...@li...> wrote:

Hello fail2ban,

I am trying to get the roundcube filter working to no avail. Here's what I did so far :

Here's my jail.conf

[roundcube-auth]
enabled = true
filter = roundcube-auth
port = http,https
logpath =/var/www/roundcubemail-1.2.4/logs/errors

Here's output of fail2ban-client -d | grep roundcube

root@messagerie[10.10.10.19] ~ # fail2ban-client -d | grep roundcube
WARNING 'ignoreregex' not defined in 'Definition'. Using default one: ''
WARNING 'ignoreregex' not defined in 'Definition'. Using default one: ''
['add', 'roundcube-auth', 'auto']
['set', 'roundcube-auth', 'usedns', 'warn']
['set', 'roundcube-auth', 'addlogpath', '/var/www/roundcubemail-1.2.4/logs/errors']
['set', 'roundcube-auth', 'maxretry', 3]
['set', 'roundcube-auth', 'addignoreip', '127.0.0.1/8']
['set', 'roundcube-auth', 'addignoreip', '10.10.10.0/24']
['set', 'roundcube-auth', 'addignoreip', '172.16.0.0/16']
['set', 'roundcube-auth', 'addignoreip', '192.168.0.0/16']
['set', 'roundcube-auth', 'addignoreip', '197.201.1.66']
['set', 'roundcube-auth', 'ignorecommand', '']
['set', 'roundcube-auth', 'findtime', 600]
['set', 'roundcube-auth', 'bantime', 86400]
['set', 'roundcube-auth', 'addfailregex', '^\\s*(\\[(\\s[+-][0-9]{4})?\\])?(\\S+ roundcube: IMAP Error)?: (FAILED login|Login failed) for .*? from <HOST>(\\. .* in .*?/rcube_imap\\.php on line \\d+ \\(\\S+ \\S+\\))?$']
['set', 'roundcube-auth', 'addaction', 'shorewall']
['set', 'roundcube-auth', 'actionban', 'shorewall', 'shorewall <blocktype> <ip>']
['set', 'roundcube-auth', 'actionstop', 'shorewall', '']
['set', 'roundcube-auth', 'actionstart', 'shorewall', '']
['set', 'roundcube-auth', 'actionunban', 'shorewall', 'shorewall allow <ip>']
['set', 'roundcube-auth', 'actioncheck', 'shorewall', '']
['set', 'roundcube-auth', 'setcinfo', 'shorewall', 'blocktype', 'reject']
['start', 'roundcube-auth']
root@messagerie[10.10.10.19] ~ #

Here's output of fail2ban-regex

root@messagerie[10.10.10.19] ~ # fail2ban-regex /var/www/roundcubemail-1.2.4/logs/errors /etc/fail2ban/filter.d/roundcube-auth.conf

Running tests
=============

Use failregex file : /etc/fail2ban/filter.d/roundcube-auth.conf
Use log file : /var/www/roundcubemail-1.2.4/logs/errors

Results
=======

Failregex: 0 total

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
| [165] Day-MONTH-Year Hour:Minute:Second[.Millisecond]
`-

Lines: 165 lines, 0 ignored, 0 matched, 165 missed
Missed line(s): too many to print. Use --print-all-missed to print all 165 lines
root@messagerie[10.10.10.19] ~ #

Here's a tail on my log file

root@messagerie[10.10.10.19] ~ # tail /var/www/roundcubemail-1.2.4/logs/errors | SCRIPTS/MAIL/stripemailaddresses.sed
[27-Mar-2018 16:47:29 +0100]: <4u50p4rv> IMAP Error: Login failed for adel.taiebezzraimi from 41.110.64.109. AUTHENTICATE PLAIN: Authentication failed. in /var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193 (POST /?_task=login&_action=login)
[27-Mar-2018 16:47:50 +0100]: <4u50p4rv> IMAP Error: Login failed for ade...@me...d from 41.110.64.109. AUTHENTICATE PLAIN: Authentication failed. in /var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193 (POST /?_task=login&_action=login)
[27-Mar-2018 16:48:06 +0100]: <4u50p4rv> IMAP Error: Login failed for ade...@my...d from 41.110.64.109. AUTHENTICATE PLAIN: Authentication failed. in /var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193 (POST /?_task=login&_action=login)
[27-Mar-2018 17:12:03 +0100]: <k5ks3u4n> IMAP Error: Login failed for doz from 192.168.211.71. AUTHENTICATE PLAIN: Authentication failed. in /var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193 (POST /?_task=login&_action=login)
[27-Mar-2018 17:31:04 +0100]: <3a6ja5m0> IMAP Error: Login failed for dza from 69.30.218.150. AUTHENTICATE PLAIN: Authentication failed. in /var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193 (POST /?_task=login&_action=login)
[27-Mar-2018 17:32:22 +0100]: <3a6ja5m0> IMAP Error: Login failed for dza from 69.30.218.150. AUTHENTICATE PLAIN: Authentication failed. in /var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193 (POST /?_task=login&_action=login)
[27-Mar-2018 17:32:32 +0100]: <3a6ja5m0> IMAP Error: Login failed for dza from 69.30.218.150. AUTHENTICATE PLAIN: Authentication failed. in /var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193 (POST /?_task=login&_action=login)
[27-Mar-2018 17:32:51 +0100]: <3a6ja5m0> IMAP Error: Login failed for dza from 69.30.218.150. AUTHENTICATE PLAIN: Authentication failed. in /var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193 (POST /?_task=login&_action=login)
[27-Mar-2018 17:33:11 +0100]: <3a6ja5m0> IMAP Error: Login failed for dza from 69.30.218.150. AUTHENTICATE PLAIN: Authentication failed. in /var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193 (POST /?_task=login&_action=login)
[27-Mar-2018 17:34:08 +0100]: <3a6ja5m0> IMAP Error: Login failed for dza from 69.30.218.150. AUTHENTICATE PLAIN: Authentication failed. in /var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193 (POST /?_task=login&_action=login)
root@messagerie[10.10.10.19] ~ #

What am I missing ?

Yassine
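
An added example (not from the thread or from the fail2ban project) that replays the filter from this message against one of the posted log lines, to show why the anchored regex misses and where the unanchored one starts matching. It assumes fail2ban removes the matched timestamp before applying failregex, which is what the `[ +0100]` prefix in the filter suggests, and it uses a simplified IPv4-only stand-in for `<HOST>`; `SESSION_AWARE` is a constructed alternative that keeps the `^` anchor.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (IPv4 only, an assumption
# for this demo; fail2ban's own substitution is broader).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Approximation of the date template fail2ban-regex reported
# ("Day-MONTH-Year Hour:Minute:Second").
DATE = re.compile(r"\d{1,2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}")

TAIL = (r"(\[(\s[+-][0-9]{4})?\])?(\S+ roundcube: IMAP Error)?: "
        r"(FAILED login|Login failed) for .*? from <HOST>"
        r"(\. .* in .*?/rcube_imap\.php on line \d+ \(\S+ \S+\))?$")
STOCK = r"^\s*" + TAIL       # the failregex as posted in the thread
UNANCHORED = r"\s*" + TAIL   # the thread's fix: leading ^ removed

# Constructed alternative: stays anchored and allows the "<token> IMAP Error: "
# text that sits between "]: " and "Login failed" in the posted log lines.
SESSION_AWARE = (r"^\s*(\[(\s[+-][0-9]{4})?\])?: (<\w+> )?IMAP Error: "
                 r"(FAILED login|Login failed) for .*? from <HOST>"
                 r"(\. .* in .*?/rcube_imap\.php on line \d+ \(\S+ \S+\))?$")

# One line copied from the log tail in the thread.
LOG_LINE = ("[27-Mar-2018 17:31:04 +0100]: <3a6ja5m0> IMAP Error: Login failed "
            "for dza from 69.30.218.150. AUTHENTICATE PLAIN: Authentication "
            "failed. in /var/www/roundcubemail-1.2.4/program/lib/Roundcube/"
            "rcube_imap.php on line 193 (POST /?_task=login&_action=login)")

# Constructed line in the shape the posted regex does accept.
PLAIN_LINE = "[27-Mar-2018 17:31:04 +0100]: FAILED login for dza from 203.0.113.9"


def strip_date(line):
    """Remove the first timestamp, leaving e.g. '[ +0100]: ...'."""
    return DATE.sub("", line, count=1)


def search(failregex, raw_line):
    pattern = re.compile(failregex.replace("<HOST>", HOST))
    return pattern.search(strip_date(raw_line))


def find_host(failregex, raw_line):
    """Return the address the failregex would report, or None on a miss."""
    m = search(failregex, raw_line)
    return m.group("host") if m else None


def matched_text(failregex, raw_line):
    """Return the exact substring the failregex matched, or None."""
    m = search(failregex, raw_line)
    return m.group(0) if m else None


if __name__ == "__main__":
    for name, rx in (("stock", STOCK), ("unanchored", UNANCHORED),
                     ("session-aware", SESSION_AWARE)):
        print(name, "->", find_host(rx, LOG_LINE))
```

The unanchored form matches only from `: Login failed` onward, so the bracket and token prefix are skipped rather than checked; the anchored alternative validates the whole line.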
From: chaouche y. <yac...@ya...> - 2018-03-27 16:47:10
|
Hello fail2ban,

I am trying to get the roundcube filter working to no avail. Here's what I did so far :

Here's my jail.conf

[roundcube-auth]
enabled = true
filter = roundcube-auth
port = http,https
logpath =/var/www/roundcubemail-1.2.4/logs/errors

Here's output of fail2ban-client -d | grep roundcube

root@messagerie[10.10.10.19] ~ # fail2ban-client -d | grep roundcube
WARNING 'ignoreregex' not defined in 'Definition'. Using default one: ''
WARNING 'ignoreregex' not defined in 'Definition'. Using default one: ''
['add', 'roundcube-auth', 'auto']
['set', 'roundcube-auth', 'usedns', 'warn']
['set', 'roundcube-auth', 'addlogpath', '/var/www/roundcubemail-1.2.4/logs/errors']
['set', 'roundcube-auth', 'maxretry', 3]
['set', 'roundcube-auth', 'addignoreip', '127.0.0.1/8']
['set', 'roundcube-auth', 'addignoreip', '10.10.10.0/24']
['set', 'roundcube-auth', 'addignoreip', '172.16.0.0/16']
['set', 'roundcube-auth', 'addignoreip', '192.168.0.0/16']
['set', 'roundcube-auth', 'addignoreip', '197.201.1.66']
['set', 'roundcube-auth', 'ignorecommand', '']
['set', 'roundcube-auth', 'findtime', 600]
['set', 'roundcube-auth', 'bantime', 86400]
['set', 'roundcube-auth', 'addfailregex', '^\\s*(\\[(\\s[+-][0-9]{4})?\\])?(\\S+ roundcube: IMAP Error)?: (FAILED login|Login failed) for .*? from <HOST>(\\. .* in .*?/rcube_imap\\.php on line \\d+ \\(\\S+ \\S+\\))?$']
['set', 'roundcube-auth', 'addaction', 'shorewall']
['set', 'roundcube-auth', 'actionban', 'shorewall', 'shorewall <blocktype> <ip>']
['set', 'roundcube-auth', 'actionstop', 'shorewall', '']
['set', 'roundcube-auth', 'actionstart', 'shorewall', '']
['set', 'roundcube-auth', 'actionunban', 'shorewall', 'shorewall allow <ip>']
['set', 'roundcube-auth', 'actioncheck', 'shorewall', '']
['set', 'roundcube-auth', 'setcinfo', 'shorewall', 'blocktype', 'reject']
['start', 'roundcube-auth']
root@messagerie[10.10.10.19] ~ #

Here's output of fail2ban-regex

root@messagerie[10.10.10.19] ~ # fail2ban-regex /var/www/roundcubemail-1.2.4/logs/errors /etc/fail2ban/filter.d/roundcube-auth.conf

Running tests
=============

Use failregex file : /etc/fail2ban/filter.d/roundcube-auth.conf
Use log file : /var/www/roundcubemail-1.2.4/logs/errors

Results
=======

Failregex: 0 total

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
| [165] Day-MONTH-Year Hour:Minute:Second[.Millisecond]
`-

Lines: 165 lines, 0 ignored, 0 matched, 165 missed
Missed line(s): too many to print. Use --print-all-missed to print all 165 lines
root@messagerie[10.10.10.19] ~ #

Here's a tail on my log file

root@messagerie[10.10.10.19] ~ # tail /var/www/roundcubemail-1.2.4/logs/errors | SCRIPTS/MAIL/stripemailaddresses.sed
[27-Mar-2018 16:47:29 +0100]: <4u50p4rv> IMAP Error: Login failed for adel.taiebezzraimi from 41.110.64.109. AUTHENTICATE PLAIN: Authentication failed. in /var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193 (POST /?_task=login&_action=login)
[27-Mar-2018 16:47:50 +0100]: <4u50p4rv> IMAP Error: Login failed for ade...@me...d from 41.110.64.109. AUTHENTICATE PLAIN: Authentication failed. in /var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193 (POST /?_task=login&_action=login)
[27-Mar-2018 16:48:06 +0100]: <4u50p4rv> IMAP Error: Login failed for ade...@my...d from 41.110.64.109. AUTHENTICATE PLAIN: Authentication failed. in /var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193 (POST /?_task=login&_action=login)
[27-Mar-2018 17:12:03 +0100]: <k5ks3u4n> IMAP Error: Login failed for doz from 192.168.211.71. AUTHENTICATE PLAIN: Authentication failed. in /var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193 (POST /?_task=login&_action=login)
[27-Mar-2018 17:31:04 +0100]: <3a6ja5m0> IMAP Error: Login failed for dza from 69.30.218.150. AUTHENTICATE PLAIN: Authentication failed. in /var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193 (POST /?_task=login&_action=login)
[27-Mar-2018 17:32:22 +0100]: <3a6ja5m0> IMAP Error: Login failed for dza from 69.30.218.150. AUTHENTICATE PLAIN: Authentication failed. in /var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193 (POST /?_task=login&_action=login)
[27-Mar-2018 17:32:32 +0100]: <3a6ja5m0> IMAP Error: Login failed for dza from 69.30.218.150. AUTHENTICATE PLAIN: Authentication failed. in /var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193 (POST /?_task=login&_action=login)
[27-Mar-2018 17:32:51 +0100]: <3a6ja5m0> IMAP Error: Login failed for dza from 69.30.218.150. AUTHENTICATE PLAIN: Authentication failed. in /var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193 (POST /?_task=login&_action=login)
[27-Mar-2018 17:33:11 +0100]: <3a6ja5m0> IMAP Error: Login failed for dza from 69.30.218.150. AUTHENTICATE PLAIN: Authentication failed. in /var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193 (POST /?_task=login&_action=login)
[27-Mar-2018 17:34:08 +0100]: <3a6ja5m0> IMAP Error: Login failed for dza from 69.30.218.150. AUTHENTICATE PLAIN: Authentication failed. in /var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php on line 193 (POST /?_task=login&_action=login)
root@messagerie[10.10.10.19] ~ #

What am I missing ?

Yassine
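The "0 matched, 165 missed" result in the message above can be reproduced offline by running the posted failregex over the posted log lines. This is an added example, not part of the original post and not fail2ban code. It assumes the matched timestamp is cut out of the line before the failregex is applied (which the filter's own bracket-and-offset prefix implies), it uses a simplified IPv4-only stand-in for the <HOST> tag, and ADJUSTED is a hypothetical local variant, not the upstream filter.

```python
import re

# Simplified IPv4-only stand-in for fail2ban's <HOST> tag (assumption of this example).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The timestamp hit by the "Day-MONTH-Year Hour:Minute:Second" date template.
TIMESTAMP = re.compile(r"\d{1,2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}")

# failregex as printed by `fail2ban-client -d` in the post.
SHIPPED = (
    r"^\s*(\[(\s[+-][0-9]{4})?\])?(\S+ roundcube: IMAP Error)?: "
    r"(FAILED login|Login failed) for .*? from <HOST>"
    r"(\. .* in .*?/rcube_imap\.php on line \d+ \(\S+ \S+\))?$"
)

# Hypothetical local variant: also accept ": <session-id> IMAP Error" after the bracket.
ADJUSTED = SHIPPED.replace(
    r"(\S+ roundcube: IMAP Error)?",
    r"(\S+ roundcube: IMAP Error|: <\w+> IMAP Error)?",
)

TAIL = (
    " AUTHENTICATE PLAIN: Authentication failed. in "
    "/var/www/roundcubemail-1.2.4/program/lib/Roundcube/rcube_imap.php "
    "on line 193 (POST /?_task=login&_action=login)"
)

LINES = [
    # Three lines taken from the log excerpt in the post.
    "[27-Mar-2018 16:47:29 +0100]: <4u50p4rv> IMAP Error: Login failed for "
    "adel.taiebezzraimi from 41.110.64.109." + TAIL,
    "[27-Mar-2018 17:12:03 +0100]: <k5ks3u4n> IMAP Error: Login failed for "
    "doz from 192.168.211.71." + TAIL,
    "[27-Mar-2018 17:31:04 +0100]: <3a6ja5m0> IMAP Error: Login failed for "
    "dza from 69.30.218.150." + TAIL,
    # Constructed line without the <session-id> token, for comparison.
    "[27-Mar-2018 17:40:00 +0100]: Login failed for example from 203.0.113.9",
]


def residue(line):
    """Return the line as the failregex sees it, with the timestamp removed."""
    return TIMESTAMP.sub("", line, count=1)


def matched_hosts(lines, failregex):
    """Return the <HOST> captured from every line the failregex matches."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    hosts = []
    for line in lines:
        m = rx.search(residue(line))
        if m:
            hosts.append(m.group("host"))
    return hosts


if __name__ == "__main__":
    print("residue :", residue(LINES[0])[:60])
    print("shipped :", matched_hosts(LINES, SHIPPED))
    print("adjusted:", matched_hosts(LINES, ADJUSTED))
```

After the timestamp is removed the posted lines begin with "[ +0100]: <4u50p4rv> IMAP Error: Login failed", and the posted pattern has no branch that accepts the "<...>" token between the bracket and "IMAP Error", so only the constructed line matches it.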
From: Petri R. <pet...@me...> - 2018-03-27 12:09:57
|
> as per you say "or even a text file", I'd created a text file which is continuous edit with MySQL query like "mysql -uuser -ppassword -Ddb_name -N -e 'SELECT GROUP_CONCAT(fw_ip) FROM (fail2ban_whitelist);' > /tmp/test.txt", and after putting it to the jail.local at -> ignorecommand and restart the fail2ban it will throw error like
>
> ----------------------------------------------------------------------
> 2018-03-27 05:20:39,172 fail2ban [20280]: CRITICAL Unhandled exception in Fail2Ban:
> Traceback (most recent call last):
>   File "/usr/lib/python2.7/site-packages/fail2ban-0.9.6-py2.7.egg/fail2ban/server/jailthread.py", line 66, in run_with_except_hook
>     run(*args, **kwargs)
>   File "/usr/lib/python2.7/site-packages/fail2ban-0.9.6-py2.7.egg/fail2ban/server/filtersystemd.py", line 272, in run
>     *self.formatJournalEntry(logentry))
>   File "/usr/lib/python2.7/site-packages/fail2ban-0.9.6-py2.7.egg/fail2ban/server/filter.py", line 475, in processLineAndAdd
>     if self.inIgnoreIPList(ip, log_ignore=True):
>   File "/usr/lib/python2.7/site-packages/fail2ban-0.9.6-py2.7.egg/fail2ban/server/filter.py", line 395, in inIgnoreIPList
>     "(?<=b)1+", bin(DNSUtils.addr2bin(s[1]))).group())
>   File "/usr/lib/python2.7/site-packages/fail2ban-0.9.6-py2.7.egg/fail2ban/server/filter.py", line 976, in addr2bin
>     return struct.unpack("!L", socket.inet_aton(ipstring))[0]
> error: illegal IP address string passed to inet_aton
> ----------------------------------------------------------------------
>
> I'd done lots of surfing to resolve this issue, but it can't be resolved by me, is there any solution of this from your side?

Reading the error message it appears that your IP addresses are malformed (error: illegal IP address string passed to inet_aton).

What does /tmp/test.txt look like?

What do you get if you run the ignorecommand manually for some IP that is/isn’t in the file?

Just a side note: You shouldn’t be continuously updating the file. You should run a timed batch job typically by cron or systemd.

br,
Petri
From: Mark C. <ch...@sw...> - 2018-03-22 16:57:28
|
I look forward to trying that feature when it gets rolled out in package managers.

In the mean time, the "recidive" jail is set up to try to satisfy this need before that feature existed. It is a jail which watches fail2ban's own logfile, and bans IPs that have been repeatedly banned.

E.g. I typically have a 1-hour ban for something, and then the recidive watches and any IP that has gotten banned more than 3 times in a day (or whatever) then gets banned for 1 week.

A true exponential bantime modifier like what is apparently in the dev build is certainly better than recidive, but recidive is available right now and works "well enough".

Thanks,

Mark

On Thu, Mar 22, 2018 at 03:45:57PM +0100, Roy Sigurd Karlsbakk via Fail2ban-users wrote:
> Well, I can do it manually, but I prefer packages. Perhaps the debian/
> dir and its contents should be in master instead of separate branches?
> It's not much, really…
> Vennlig hilsen
> roy
> --
> Roy Sigurd Karlsbakk
> (+47) 98013356
> http://blogg.karlsbakk.net/
> GPG Public key: http://karlsbakk.net/roysigurdkarlsbakk.pubkey.txt
> --
> Hið góða skaltu í stein höggva, hið illa í snjó rita.
> __________________________________________________________________
>
> From: "Tony Collins" <to...@ev...>
> To: "Fail2ban Users" <fai...@li...>
> Sent: Sunday, 18 March, 2018 22:15:32
> Subject: Re: [Fail2ban-users] Incremental ban time?
>
> Hi -sorry I've got no idea at all. I now take my versions directly from
> the github repository and install it manually. That's definitely
> something I can help with if you want to do it that way.
> On Sat, 17 Mar 2018 at 18:50, Roy Sigurd Karlsbakk
> <ro...@ka...> wrote:
>
> Looks good! Any idea how to easily create a debian package out of that?
> Vennlig hilsen
> roy
> --
> Roy Sigurd Karlsbakk
> (+47) 98013356
> http://blogg.karlsbakk.net/
> GPG Public key: http://karlsbakk.net/roysigurdkarlsbakk.pubkey.txt
> --
> Hið góða skaltu í stein höggva, hið illa í snjó rita.
> __________________________________________________________________
>
> From: "Tony Collins" <to...@ev...>
> To: "Fail2ban Users" <fai...@li...>
> Sent: Saturday, 17 March, 2018 18:02:18
> Subject: Re: [Fail2ban-users] Incremental ban time?
>
> That's a built-in feature of the 0.11 development build and it works
> fantastically! It's really flexible and configurable.
> On Sat, 17 Mar 2018 at 17:00, Roy Sigurd Karlsbakk via Fail2ban-users
> <fai...@li...> wrote:
>
> hi all
> I've been looking at my logs, and quite often, the IP addresses
> blocked are blocked again and again, so what about a feature like
> "Block <n> minutes, then remove block, and if an attempt is made to
> login from the same address within <m> minutes and a new failure
> happens, block <n*2> minutes, and then n*4 etc. I don't know the
> code too well, so I don't feel like just attempting to fix this
> myself (and I don't know python very well either).
> Vennlig hilsen
> roy
> --
> Roy Sigurd Karlsbakk
> (+47) 98013356
> http://blogg.karlsbakk.net/
> GPG Public key: http://karlsbakk.net/roysigurdkarlsbakk.pubkey.txt
> --
> Hið góða skaltu í stein höggva, hið illa í snjó rita.
>
> --
>
> -- Tony Collins
>
> --
>
> -- Tony Collins

--
Mark Costlow | Southwest Cyberport | Fax: +1-505-232-7975
ch...@sw... | Web: www.swcp.com | Voice: +1-505-232-7992
From: Roy S. K. <ro...@ka...> - 2018-03-22 14:46:16
|
Well, I can do it manually, but I prefer packages. Perhaps the debian/ dir and its contents should be in master instead of separate branches? It's not much, really…

Vennlig hilsen

roy
--
Roy Sigurd Karlsbakk
(+47) 98013356
http://blogg.karlsbakk.net/
GPG Public key: http://karlsbakk.net/roysigurdkarlsbakk.pubkey.txt
--
Hið góða skaltu í stein höggva, hið illa í snjó rita.

> From: "Tony Collins" <to...@ev...>
> To: "Fail2ban Users" <fai...@li...>
> Sent: Sunday, 18 March, 2018 22:15:32
> Subject: Re: [Fail2ban-users] Incremental ban time?

> Hi -sorry I've got no idea at all. I now take my versions directly from the
> github repository and install it manually. That's definitely something I can
> help with if you want to do it that way.

> On Sat, 17 Mar 2018 at 18:50, Roy Sigurd Karlsbakk <ro...@ka...> wrote:

>> Looks good! Any idea how to easily create a debian package out of that?

>> Vennlig hilsen

>> roy
>> --
>> Roy Sigurd Karlsbakk
>> (+47) 98013356
>> http://blogg.karlsbakk.net/
>> GPG Public key: http://karlsbakk.net/roysigurdkarlsbakk.pubkey.txt
>> --
>> Hið góða skaltu í stein höggva, hið illa í snjó rita.

>>> From: "Tony Collins" <to...@ev...>
>>> To: "Fail2ban Users" <fai...@li...>
>>> Sent: Saturday, 17 March, 2018 18:02:18
>>> Subject: Re: [Fail2ban-users] Incremental ban time?

>>> That's a built-in feature of the 0.11 development build and it works
>>> fantastically! It's really flexible and configurable.

>>> On Sat, 17 Mar 2018 at 17:00, Roy Sigurd Karlsbakk via Fail2ban-users
>>> <fai...@li...> wrote:

>>>> hi all

>>>> I've been looking at my logs, and quite often, the IP addresses blocked are
>>>> blocked again and again, so what about a feature like "Block <n> minutes, then
>>>> remove block, and if an attempt is made to login from the same address within
>>>> <m> minutes and a new failure happens, block <n*2> minutes, and then n*4 etc. I
>>>> don't know the code too well, so I don't feel like just attempting to fix this
>>>> myself (and I don't know python very well either).

>>>> Vennlig hilsen

>>>> roy
>>>> --
>>>> Roy Sigurd Karlsbakk
>>>> (+47) 98013356
>>>> http://blogg.karlsbakk.net/
>>>> GPG Public key: http://karlsbakk.net/roysigurdkarlsbakk.pubkey.txt
>>>> --
>>>> Hið góða skaltu í stein höggva, hið illa í snjó rita.

>>> --
>>> -- Tony Collins

> --
> -- Tony Collins
From: Jaydeep Z. <jay...@ec...> - 2018-03-19 06:40:49
|
Hello all,

I'm using CentOS Linux 7 and Fail2Ban v0.9.6.

I'd created a script for whitelisting IPs from our database, and I used it in the jail.local like "ignorecommand =/etc/fail2ban/filter.d/ignorecommands/check_ip.sh <ip>"

Please find the script below.

-----------------
#!/bin/bash
ip=$1
myip= mysql -uuser -ppassword -s -N -e "SELECT if(fw_id is not null,1,0) FROM db.table WHERE fw_ip='$1'"
if [ "$myip" == "$ip" ]; then
    exit 0
else
    exit 1
fi
------------------

In the log, I find that

[31611]: ERROR /etc/fail2ban/filter.d/ignorecommands/check_ip.sh 192.168.1.2 -- stdout: '1\n'
[31611]: ERROR /etc/fail2ban/filter.d/ignorecommands/check_ip.sh 192.168.1.2 -- stderr: ''
[31611]: ERROR /etc/fail2ban/filter.d/ignorecommands/check_ip.sh 192.168.1.2 -- returned 1
[31611]: INFO [nginx-botsearch] Found 192.168.1.2

The same script is working on another server, but there is a change in the version, Fail2Ban v0.9.7; on another server the version is Fail2Ban v0.9.6. Might there be an issue with the version, or anything else?

Please reply if you've any idea on this.

Thanks and Regards,
Jaydeep Zala
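The two whitelist messages above (the ignorecommand script in this post, and the reply about a malformed /tmp/test.txt and a timed export) both come down to checking one address against a list that may contain bad entries. The helper below is an added example, not code from either poster or from fail2ban. It assumes the whitelist is exported to a text file by a scheduled job, that WHITELIST_FILE is a hypothetical path, and it keeps the exit-status convention of the posted script (0 = whitelisted, 1 = not). It accepts the comma-separated output of GROUP_CONCAT as well as one entry per line, and parses the argument as an address instead of placing it in a query string.

```python
#!/usr/bin/env python3
"""Whitelist check usable as a fail2ban ignorecommand (added example).

Exit status 0: address is whitelisted (ignore it). 1: not whitelisted.
"""
import ipaddress
import re
import sys

# Hypothetical path; assumed to be rewritten by a cron or systemd timer export.
WHITELIST_FILE = "/etc/fail2ban/whitelist.txt"


def parse_whitelist(text):
    """Parse comma- or whitespace-separated entries.

    Returns (networks, rejected): valid addresses/CIDR blocks as network
    objects, and the raw tokens that are not valid addresses.
    """
    networks, rejected = [], []
    for token in re.split(r"[,\s]+", text.strip()):
        if not token:
            continue
        try:
            networks.append(ipaddress.ip_network(token, strict=False))
        except ValueError:
            rejected.append(token)
    return networks, rejected


def is_whitelisted(candidate, networks):
    """True only if candidate is a valid address inside a whitelisted network."""
    try:
        addr = ipaddress.ip_address(candidate.strip())
    except ValueError:
        return False  # anything that is not an address is never whitelisted
    return any(addr in net for net in networks)


def main(argv):
    if len(argv) != 2:
        print("usage: check_ip.py <ip>", file=sys.stderr)
        return 2
    try:
        with open(WHITELIST_FILE, encoding="utf-8", errors="replace") as fh:
            networks, rejected = parse_whitelist(fh.read())
    except OSError as exc:
        # Fail closed: an unreadable whitelist exempts nobody.
        print("cannot read whitelist: %s" % exc, file=sys.stderr)
        return 1
    for bad in rejected:
        print("skipping malformed whitelist entry: %r" % bad, file=sys.stderr)
    return 0 if is_whitelisted(argv[1], networks) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```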
From: Tony C. <to...@ev...> - 2018-03-18 21:15:53
|
Hi -sorry I've got no idea at all. I now take my versions directly from the github repository and install it manually. That's definitely something I can help with if you want to do it that way.

On Sat, 17 Mar 2018 at 18:50, Roy Sigurd Karlsbakk <ro...@ka...> wrote:

> Looks good! Any idea how to easily create a debian package out of that?
>
> Vennlig hilsen
>
> roy
> --
> Roy Sigurd Karlsbakk
> (+47) 98013356
> http://blogg.karlsbakk.net/
> GPG Public key: http://karlsbakk.net/roysigurdkarlsbakk.pubkey.txt
> --
> Hið góða skaltu í stein höggva, hið illa í snjó rita.
>
> ------------------------------
>
> From: "Tony Collins" <to...@ev...>
> To: "Fail2ban Users" <fai...@li...>
> Sent: Saturday, 17 March, 2018 18:02:18
> Subject: Re: [Fail2ban-users] Incremental ban time?
>
> That's a built-in feature of the 0.11 development build and it works
> fantastically! It's really flexible and configurable.
>
> On Sat, 17 Mar 2018 at 17:00, Roy Sigurd Karlsbakk via Fail2ban-users <
> fai...@li...> wrote:
>
>> hi all
>>
>> I've been looking at my logs, and quite often, the IP addresses blocked
>> are blocked again and again, so what about a feature like "Block <n>
>> minutes, then remove block, and if an attempt is made to login from the
>> same address within <m> minutes and a new failure happens, block <n*2>
>> minutes, and then n*4 etc. I don't know the code too well, so I don't feel
>> like just attempting to fix this myself (and I don't know python very well
>> either).
>>
>> Vennlig hilsen
>>
>> roy
>> --
>> Roy Sigurd Karlsbakk
>> (+47) 98013356
>> http://blogg.karlsbakk.net/
>> GPG Public key: http://karlsbakk.net/roysigurdkarlsbakk.pubkey.txt
>> --
>> Hið góða skaltu í stein höggva, hið illa í snjó rita.
>>
> --
> -- Tony Collins
>
--
-- Tony Collins
From: Roy S. K. <ro...@ka...> - 2018-03-17 18:51:06
|
Looks good! Any idea how to easily create a debian package out of that?

Vennlig hilsen

roy
--
Roy Sigurd Karlsbakk
(+47) 98013356
http://blogg.karlsbakk.net/
GPG Public key: http://karlsbakk.net/roysigurdkarlsbakk.pubkey.txt
--
Hið góða skaltu í stein höggva, hið illa í snjó rita.

> From: "Tony Collins" <to...@ev...>
> To: "Fail2ban Users" <fai...@li...>
> Sent: Saturday, 17 March, 2018 18:02:18
> Subject: Re: [Fail2ban-users] Incremental ban time?

> That's a built-in feature of the 0.11 development build and it works
> fantastically! It's really flexible and configurable.

> On Sat, 17 Mar 2018 at 17:00, Roy Sigurd Karlsbakk via Fail2ban-users
> <fai...@li...> wrote:

>> hi all

>> I've been looking at my logs, and quite often, the IP addresses blocked are
>> blocked again and again, so what about a feature like "Block <n> minutes, then
>> remove block, and if an attempt is made to login from the same address within
>> <m> minutes and a new failure happens, block <n*2> minutes, and then n*4 etc. I
>> don't know the code too well, so I don't feel like just attempting to fix this
>> myself (and I don't know python very well either).

>> Vennlig hilsen

>> roy
>> --
>> Roy Sigurd Karlsbakk
>> (+47) 98013356
>> http://blogg.karlsbakk.net/
>> GPG Public key: http://karlsbakk.net/roysigurdkarlsbakk.pubkey.txt
>> --
>> Hið góða skaltu í stein höggva, hið illa í snjó rita.

> --
> -- Tony Collins
From: Mike <mi...@ic...> - 2018-03-17 17:29:46
|
multiple times.. it doesn't work..

I've also tried the un-subscribe link on the web site

At 12:20 PM 3/17/2018, you wrote:
>On Sat, Mar 17, 2018 at 1:13 PM, Mike <mi...@ic...> wrote:
> > anybody know how to get off this list? the links don't work
>
>Have you tried the links on the header section?
>
>They are here for your convenience:
>List-Unsubscribe: <https://lists.sourceforge.net/lists/options/fail2ban-users>,
> <mailto:fai...@li...?subject=unsubscribe>
>List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=fail2ban-users>
>List-Post: <mailto:fai...@li...>
>List-Help: <mailto:fai...@li...?subject=help>
>List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/fail2ban-users>,
> <mailto:fai...@li...?subject=subscribe>