Re: extending fail2ban

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 22 May 2008 09:42:11 -0700
"Don Russell" <fedora@xxxxxxxxxxxxxxxxxxxxx> wrote:

> I installed fail2 ban and it seems to do a nice job of reporting
> people knocking at my door and shutting them down temporarily.
> 
> Is there any doc on how I could add other "intruder detection".... :-)
> man fail2ban and info fail2ban come up dry. :-(
> The fedora project page doesn't have anything on it either:
>  https://admin.fedoraproject.org/pkgdb/packages/name/fail2ban
> 
> i.e. I have an application I run via xinetd.
> 
> If the client tries to connect with the incorrect protocol, I just
> respond with a terse "wrong protocol" message and exit.
> 
> My xinet logs show the same IP address connecting with the wrong
> protocol over and over... They're obviously "up to no good" :-).
> 
> How can I "teach" fail2ban to block those people too?
> 
> It's not a password violation.. there's no password on it... it's
> meant for public consumption, but only if you are using the correct
> protocol.
> 
> I could do my own "blocking", but I'd like to use the tools that are
> already there.
> 
> Thanks,
> 
You'd have to set up a new jail along with a new filter and an action.
You could probably reuse the action from any of the other fail2ban
rules. The hard part would finding the right regular expression that
matches these entries when fail2ban scans your logs.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux