From: Mitchell K. P. <mit...@gm...> - 2017-10-25 12:09:22
|
Hi Yehuda Apologies for the late comeback on this but I have tried various things over this past few days and nothing is working for me. Simply nothing is getting reported to blocklist.de First of all I have an issue where they comment *Create a file jail.d/blocklist_de.local containing* *# [Init]* *# blocklist_de_apikey = {api key from registration]* So I have created that include file in that location exactly as per their specs but fail2ban fails to see it whilst loading and fails. So I went a step further and put this entry rather in my jail.local file which is now picked up during loading as it finds the blocklist_de_apikey string and happily loads fail2ban. I have my jails configured like this (below), but whilst I get the email notification with whois lines from the first action, and badips.com gets the notification from the third action listed, the middle action %(action_blocklist_de)s is not working. *[ssh]* *enabled = true* *port = ssh* *filter = sshd* *logpath = /var/log/auth.** *maxretry = 6* *action = %(action_mwl)s* * %(action_blocklist_de)s* * badips[category="sshd", key=“xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"]* Now in their little documentation snippet they say you add your api key using *blocklist_de_apikey = {api key from registration]* But notice it specifies beginning with *{* and ending *]* …. so beginning with curly bracket and ending with square bracket. Once again this does not work. so I have tried various combinations of it as follows *blocklist_de_apikey = {api key from registration}* *blocklist_de_apikey = api key from registration* But still no reporting to blocklist.de is taking place. What am I missing? This one is sending me running around in circles now. Kind Regards Mitchell From: Mitchell Krog Photography <mit...@gm...> <mit...@gm...> Reply: Mitchell Krog Photography <mit...@gm...> <mit...@gm...> Date: 20 October 2017 at 3:56:16 PM To: Graham Bosworth <gr...@ch...> <gr...@ch...>, Bill Shirley <bsh...@op...> <bsh...@op...> Cc: pa...@op... <pa...@op...> <pa...@op...>, fai...@li... <fai...@li...> <fai...@li...> Subject: Re: [Fail2ban-users] Possible Reporting to badips.com and blocklist.de at same time? Many thanks Yehuda for the reply I am testing it now and will let you know if I get it right, have to wait a few hours before something get’s blacklisted and reported. I did register on blocklist.de to get an API key and set the field "blocklist_de_apikey = xxxxxxxx” in the jail.local so as soon as a repeat offender kicks in I will see if it is reporting to blocklist as well as badips.com. Also thank you to Graham for some support :) much appreciated. I will report back with my findings and confirmation of the changes I made. Kind Regards Mitchell From: Graham Bosworth <gr...@ch...> <gr...@ch...> Reply: Graham Bosworth <gr...@ch...> <gr...@ch...> Date: 20 October 2017 at 1:29:56 AM To: Bill Shirley <bsh...@op...> <bsh...@op...> Cc: pa...@op... <pa...@op...> <pa...@op...>, mit...@gm... <mit...@gm...> <mit...@gm...> Subject: Re: [Fail2ban-users] Possible Reporting to badips.com and blocklist.de at same time? Hello Bill, I was looking forward to an answer to the question from Mitchell, but I did not notice any polite "Please" or "Can you" or any other such polite etiquette in the command "Do not hijack a thread. Start your own thread." A similar sentiment applies to Patrick Shanahan - why be unpleasant when you could be nice? I expect flames. I hope that they do not make me feel miserable. Yours, -- Graham Is there a nice way of saying "euphemism"? On Thu, 19 Oct 2017, Bill Shirley wrote: > Date: Thu, 19 Oct 2017 18:10:14 > From: Bill Shirley <bsh...@op...> > To: fai...@li... > Subject: Re: [Fail2ban-users] Possible Reporting to badips.com and > blocklist.de at same time? > > Mitchell, > I don't think anyone here meant to grind on and on about thread hi-jacking. > You seemed > to not understand doing a reply and replacing the body and subject doesn't > create a > new thread. Now you do; mission accomplished. > > On to your original post, what is it that you want to send to badips.com and > blocklist.de? > Email? What have you tried? > > Bill > > > On 10/19/2017 8:58 AM, Mitchell Krog Photography wrote: > You are so very helpful Patrick, I will also just send your > emails to /dev/null > WOW, what a helpful mailing list this has become with such nice people > and NO …. YOU and 3 other people are the one ranting on about nonsense > and a simple mistake !!! but not one of you can actually even answer a > simple question. > > I will just seek help elsewhere, thank you very much. > > = unsubscribe > > > From: Patrick Shanahan <pa...@op...> > Reply: Patrick Shanahan <pa...@op...> > Date: 19 October 2017 at 2:54:16 PM > To: Mitchell Krog Photography <mit...@gm...> > Subject: Re: [Fail2ban-users] Possible Reporting to badips.com and > blocklist.de at same time? > > * Mitchell Krog Photography <mit...@gm...> > [10-19-17 06:50]: > > Patrick > > > > I help and have helped a lot of people on this list on > the time I have > > been on here. This list is turning into the likes of > Apache user lists > > where everybody rants and raves and nit picks about > nonsense instead of > > answering any questions. If you read my earlier replies > yesterday I > > said it was a mistake and not intentional so why go on > and on and on > > about it? > > > > Are you here to help users or try your very best just to > insult and > > offend them ? > > > > I guess I will probably get a quicker answer from > @Sebres on the github > > repo. > > > > > > From: Patrick Shanahan <pa...@op...> > > Reply: Patrick Shanahan <pa...@op...> > > Date: 19 October 2017 at 12:24:48 PM > > To: Mitchell Krog Photography <mit...@gm...> > > Subject: Re: [Fail2ban-users] Possible Reporting to > badips.com and blocklist.de at same time? > > > > * Mitchell Krog Photography <mit...@gm...> > [10-19-17 06:21]: > > > Hi All > > > > > > Is it possible when a jail blocks an IP to send > > > to badips.com + blocklist.de At the same time ? > > > If so can anyone point me in the right direction. > > > > > > Many Thanks > > > > > > For those accusing me of “hijacking threads” and > telling me to go and > > > Google “email hijacking” as if I have no idea what > that is having being > > > in the industry for 30 years … kindly see attached > screengrab of this > > > brand new message, completely blank and composed with > a slightly > > > different subject line. > > > > and what is it that you believe with your 30 years of > industrial > > experience, this proves. you do not show the complete > header, only what > > your chosen client reveals to you. google may (keyword) > indeed help you > > or not ??? > > > > -- > > (paka)Patrick Shanahan Plainfield, Indiana, USA > @ptilopteri > > http://en.opensuse.org openSUSE Community Member > facebook/ptilopteri > > Registered Linux User #207535 @ http://linuxcounter.net > > Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet > freenode > > I guess you *really* do not understand. and your choice to > continue > ranting is on you along with your choice to top post and > full quote and > unformatted text. I do have a solution: > > :0: > * ^From.*mitchellkrog > /dev/null > > > -- > (paka)Patrick Shanahan Plainfield, Indiana, USA > @ptilopteri > http://en.opensuse.org openSUSE Community Member > facebook/ptilopteri > Registered Linux User #207535 @ http://linuxcounter.net > Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet > freenode [--- snipped --] |