Re: fail2ban attempt, anyone want to add anything?




On 4/20/2012 2:24 AM, Bob Hoffman wrote:
> If I could add something: definitely put ports, if they are numbers, in
> quotes. Without quotes I got some errors in the logs.
> port=ftp, no quotes..... port="2222", quotes.
>
> And I added one for vsftpd; I use port 5000.
>
> [vsftpd-iptables]
> enabled  = true
> filter   = vsftpd
> action   = iptables[name=VSFTPD, port="5000", protocol=tcp]
> logpath  = /var/log/vsftpd.log
> maxretry = 5
> bantime  = 1800
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>
>
My final addition on this tonight...

Due to the older versions of 'whatever' CentOS uses, there will be
errors on startup of fail2ban regarding multiport jails.
To avoid these errors it was suggested to add a sleep mechanism to the
start-up commands in the proper file:

/etc/fail2ban/action.d/iptables-multiport.conf

I added a sleep line, sleep `perl -e 'print rand(3);'`, at line 14 and
moved everything below it down one line to make room for it:

actionstart = sleep `perl -e 'print rand(3);'`
              iptables -N fail2ban-<name>
              iptables -A fail2ban-<name> -j RETURN
              iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>


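As an added example (not code from this post or from fail2ban itself), here is a POSIX shell rework of the same three actionstart steps that replaces the random sleep with a bounded retry and makes chain creation idempotent. It assumes the startup errors are transient (several jails calling iptables at the same moment) and that the IPTABLES, MAX_TRIES and RETRY_DELAY variables are ours to override, so the logic can be exercised with a test double instead of the real binary.

```shell
# Added example: retry-based alternative to the random "sleep" workaround.
# IPTABLES may point at a test double; MAX_TRIES and RETRY_DELAY are
# assumed knobs, not fail2ban settings.
IPTABLES="${IPTABLES:-iptables}"
MAX_TRIES="${MAX_TRIES:-5}"
RETRY_DELAY="${RETRY_DELAY:-1}"   # seconds; back-off grows 1x, 2x, 3x ...

# run_with_retry ARGS... : run one iptables command, retrying on failure
# with linear back-off. Returns 0 on success, else the last exit status.
run_with_retry() {
    tries=0
    while :; do
        "$IPTABLES" "$@" && return 0
        status=$?
        tries=$((tries + 1))
        [ "$tries" -ge "$MAX_TRIES" ] && return "$status"
        sleep $((tries * RETRY_DELAY))
    done
}

# chain_exists NAME : true if the chain fail2ban-NAME is already present,
# so a restart does not try to create it a second time.
chain_exists() {
    "$IPTABLES" -n -L "fail2ban-$1" >/dev/null 2>&1
}

# actionstart NAME PROTOCOL PORTS : the three steps from the action file
# (create chain, terminate it with RETURN, hook it into INPUT), each
# retried instead of guarded by a random sleep.
actionstart() {
    name="$1"; proto="$2"; ports="$3"
    if ! chain_exists "$name"; then
        run_with_retry -N "fail2ban-$name" || return 1
        run_with_retry -A "fail2ban-$name" -j RETURN || return 1
    fi
    run_with_retry -I INPUT -p "$proto" -m multiport --dports "$ports" \
        -j "fail2ban-$name"
}
```

Ports are passed as one argument (e.g. "22,2222"), which is why the quoting advice above matters: an unquoted list would be split before it reaches --dports.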