fail2ban

**minde** » 2012-03-23 14:35:50

Tokia beda, negaliu nustatyti niekaip fail2ban.

2012-03-23 13:26:00,310 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.6
2012-03-23 13:26:00,311 fail2ban.jail   : INFO   Creating new jail 'portscan'
2012-03-23 13:26:00,312 fail2ban.jail   : INFO   Jail 'portscan' uses Gamin
2012-03-23 13:26:01,517 fail2ban.comm   : WARNING Invalid command: ['add', 'portscan', 'auto']
2012-03-23 13:26:21,922 fail2ban.comm   : WARNING Invalid command: ['status', 'portscan']

jail.conf:

Kodas: Pasirinkti visus

[portscan]
 
enabled = true
filter  = portscan
protocol = all
action   = iptables-allports
logpath = /var/log/iptables.log
maxretry = 1
bantime = 40000

filter.d/portscan.conf:

Kodas: Pasirinkti visus

# Fail2Ban configuration file
#
# Author: Mindaugas <mindeunix@gmail.com>
#
 
[Definition]
 
# Option:  failregex
# Notes.:  regex to match vrmr: DROP IN=eth0 SRC= as notified by iptables
# Values:  TEXT
#
failregex = .*vrmr: DROP .*IN=eth0 .* SRC=<HOST> *.
 
# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

regex tik pabandyti ar veikia, ir jis tikrai veikia:

Kodas: Pasirinkti visus

 
Running tests
=============
 
Use regex file : /home/minde/etc/fail2ban/filter.d/portscan.conf
Use log file   : /var/log/iptables.log
 
 
Results
=======
 
Failregex
|- Regular expressions:
|  [1] .*vrmr: DROP .*IN=eth0 .* SRC=<HOST> *. DST=86.100.226.46 *.
|
`- Number of matches:
   [1] 7 match(es)
 
Ignoreregex
|- Regular expressions:
|
`- Number of matches:
 
Summary
=======
 
Addresses found:
[1]
    211.142.173.1 (Fri Mar 23 03:05:43 2012)
    46.165.197.1 (Fri Mar 23 12:22:17 2012)
    109.200.9.14 (Fri Mar 23 13:02:42 2012)
    95.9.59.8 (Fri Mar 23 13:07:43 2012)
    24.129.164.17 (Fri Mar 23 13:21:06 2012)
    4.69.140.19 (Fri Mar 23 13:22:11 2012)
    81.4.135.6 (Fri Mar 23 13:24:35 2012)
 
Date template hits:
0 hit(s): MONTH Day Hour:Minute:Second
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second
0 hit(s): Year/Month/Day Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
0 hit(s): Day/MONTH/Year:Hour:Minute:Second
0 hit(s): Month/Day/Year:Hour:Minute:Second
0 hit(s): Year-Month-Day Hour:Minute:Second
0 hit(s): Year.Month.Day Hour:Minute:Second
0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond]
0 hit(s): Day-Month-Year Hour:Minute:Second
0 hit(s): TAI64N
0 hit(s): Epoch
44 hit(s): ISO 8601
0 hit(s): Hour:Minute:Second
0 hit(s): <Month/Day/Year@Hour:Minute:Second>
 
Success, the total number of match is 7

Bet kodel neblokuoja ? Kur klaida padariau ?

**minde** » 2012-03-24 00:09:48

Sutvarkiau. Fail2ban pakeiciau backend i polling (fail2ban bug'as).

**MKas** » 2012-03-24 08:14:20

O kurią fail2ban versiją naudoji?

**minde** » 2012-03-24 10:38:14

Fail2Ban v0.8.6, ir "auto" neveikia. pakeitus backend i polling viskas gerai, bet ant auto naudoja gamin kurio as neturiu

fail2ban

fail2ban

Re: fail2ban

Re: fail2ban

Re: fail2ban

Dabar prisijungę