Re: fail2ban attempt, anyone want to add anything?




On 4/20/2012 9:25 AM, Tilman Schmidt wrote:
> Am 20.04.2012 08:02, schrieb Bob Hoffman:
> action   = iptables-multiport[name=ApacheAuth, port=80,443, protocol=tcp]
> I prefer action = iptables-allports on all of these, so that a
> source address attempting a bruteforce attack on one service is
> immediately banned from all services. I can't imagine a scenario
> where a machine that got blocked, for example, for attempting to
> bruteforce passwords via SMTP AUTH, should be allowed to try via
> FTP next. Even password attempts against ssh, which accepts only
> public key authentication on all my machines, trigger a block on
> all ports. So far I haven't had a single complaint about that.
>> service fail2ban start
>> chkconfig fail2ban on
>> service iptables restart (not sure if you have to or not with each
>> fail2ban restart)
>>
>> I don't think you have to. I never do, and it works fine anyway.

I will try the 'all ports' for sure; that was what I wanted.
Logwatch, as it comes with CentOS, does not have any scripts at all for
fail2ban; mine were pretty devoid of anything.
I added the 7.4 stuff and am playing with it now.
I have seen no logging yet of any attempts, nor do I know any way of
seeing if it works.
Will post the final solution if I ever see it working.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
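
Added example (not part of the original messages): one way to see whether fail2ban is banning anything, as asked above, is to summarise the Ban/Unban events in its log. The log line shape, the sample addresses and the `ssh-iptables` jail name are constructed assumptions; `ApacheAuth` is the jail name from the thread.

```shell
#!/bin/sh
# Summarise fail2ban Ban/Unban events from a log read on stdin.
# Assumed line shape (adjust the matching if your version logs differently):
#   2012-04-20 09:31:02,114 fail2ban.actions: WARNING [ApacheAuth] Ban 203.0.113.7

# active_bans: print "jail ip" for every address whose most recent
# event in that jail is a Ban, i.e. the address should still be blocked.
active_bans() {
    awk '
        {
            # Find the "[jail] Ban|Unban ip" triple wherever it sits in the line.
            for (i = 2; i < NF; i++) {
                if (($i == "Ban" || $i == "Unban") && $(i-1) ~ /^\[.*\]$/) {
                    jail = substr($(i-1), 2, length($(i-1)) - 2)
                    state[jail " " $(i+1)] = $i   # later lines overwrite earlier ones
                }
            }
        }
        END {
            for (k in state) if (state[k] == "Ban") print k
        }
    ' | sort
}

# sample_log: constructed log lines for demonstration only.
sample_log() {
    cat <<'EOF'
2012-04-20 09:31:02,114 fail2ban.actions: WARNING [ApacheAuth] Ban 203.0.113.7
2012-04-20 09:33:40,902 fail2ban.actions: WARNING [ssh-iptables] Ban 198.51.100.23
2012-04-20 09:41:02,530 fail2ban.actions: WARNING [ApacheAuth] Unban 203.0.113.7
2012-04-20 09:52:17,008 fail2ban.actions: WARNING [ApacheAuth] Ban 192.0.2.44
EOF
}

# Demonstration on the constructed sample; 203.0.113.7 is omitted
# because its last event is an Unban.
sample_log | active_bans
```

On a real host, feed it the fail2ban log instead, for example `active_bans < /var/log/fail2ban.log` (the path is an assumption; check `logtarget` in fail2ban.conf). An empty result with a non-empty log means no filter has matched yet.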

