I installed fail2ban from the Ubuntu Software Center (Ubuntu 10.10) and everything seemed to go fine. But when I try to access the client I get this output:
Code:
wolfgang@Culture:/var/log$ fail2ban-client status
ERROR Unable to contact server. Is it running?
I'm trying to implement this method to block php injection attack using fail2ban: here it is, however I'm not sure it applies to Ubuntu. You see, there's this filter that must be added to the fail2ban jail file:
HTML Code:
[php-url-fopen]
enabled = true
port = http,https
filter = php-url-fopen
Currently suffering from this bug: If you don't want to read the whole thing, it appears fail2ban overloads IPTables when you have too many jails, and sends a whole load of commands at once. I attempted to use the workaround making it sleep for a random period of time, but this does not help at all, it still fails like it used to. Any ideas? Fail2ban is a pretty popular app... Ubuntu 9.10.
I am using auth_param basic program /usr/lib/squid/squid_ldap_auth to authenticate users using squid from ldap. The user and pass is in clear text over the network between the browser and the squid server. Any way to send it in an encrypted format??
Lately I have been receiving this in my auth.log file. It seems to be repeating over and over, and I didn't know if was anything normal or something I should be worried about...
I don't think it would be harmful to run ssh on the default port of 22. Especially since the machine will only accept key-based logins and only accept traffic on port 22 from external IP addresses that I specify.
I have checked /etc/pam.d/system-auth for the "ccount" entry, but it does not exist. "ccount" existed before in /etc/pam.d/system-auth but I managed to change it back to "account." I have grepped for the "ccount" string in all files under /etc/pam.d and I was not able to find it.
It seems that the system-auth is not able to take the now "account" string instead of "ccount" although I have restarted crond.
here is my system-auth file on the affected server:
A few minutes ago I was using google chrome when suddenly the scroll-lock indicator on my keyboard turned on... I pressed the scroll-lock key, but nothing happened, the light remained. I opened a terminal and ran "top" to find what processes were running when I was automatically logged out. I logged back and checked the logs and found the following entries in my auth.log:
Code:
CRON[2971]: pam_unix(cron:session): session opened for user root by (uid=0)
CRON[2971]: pam_unix(cron:session): session closed for user root
A client asked me to install ettercap on their Linux gateway machine - a two-ethernet machine. I tried it in bridged mode, but as soon as I start it, the traffic stops and no one can access anything. Did anyone ever succeed in running it on the gateway?
I've had fail2ban set up for a while for my SSH server, and that works beautifully (I had someone I knew attempt to access it and get banned); however, I then tried to set it up to ban people scanning my webserver for lots of other pages which don't exist (and have never been linked to) such as phpMyAdmin.
In my jail.conf I have:
Code:
However, looking at this I realise I need to edit the filter.d/apache-error.conf
I'm not sure exactly how to set up the regex to ban the correct hosts
I am having issues getting yum to work with the repos for fail2ban and denyhosts. I followed the CentOS link on installing/configuring repos. However, every time I run yum install fail2ban or denyhosts it does not find the software. I read in several Google searches that I should be able to install it using yum. Is that info wrong? These are the links I was reading too from CentOS. [URL]. I know I can download the rpm or a tar file but I would like to keep it in sync with yum if possible. Maybe I have the wrong repo? CentOSPlus is enabled also.
I'm trying to use a technique suggested by a fella at this website....
[URL]
He suggests adding an echo line to the actionban line in order to create or add to a file that will contain a list of all the IP's that fail2ban has banned.....but it doesn't seem to generate any output. .....here is the command.....
I have fail2ban on server but every time fail2ban conducts a log rotation it unbans all the banned IPs. I have IPs to be banned for a week; whenever a log rotation happens or I restart fail2ban I don't want all the IPs released! I was thinking there was a script or patch that would fix this but I have come up short.
I have been trying for days now to get this to work. Didn't want to bother people with my questions. I have installed Fail2Ban 0.8.4 on CentOS 5.4.
I get the email notifications from Fail2Ban stating that it just blocked another IP; however, when I look at the iptables through webmin, nothing is actually in there, also the log/secure file does not show that the IP has been blocked.
Even when I try to log in with the wrong password, after a few tries I get the email telling me that my IP is blocked; however, I can still SSH using my 'blocked' IP.
I'm running Ubuntu 10.10 Maverick Meerkat 64-bit on my desktop with a wired internet connection (with no firewall). For the past 2 days, I have observed that
1. Firefox randomly throws up errors like "Problem loading page" whenever I click on a hyperlink. When I click on Reload, the page loads up just fine. This has been happening a lot recently... and I do not remember updating anything consciously. By the way, ipv6 is disabled in Firefox.
2. The network stops working all of a sudden (usually indicated by the Firefox error). The Auto eth0 indication is active, but I am unable to connect to any external machine.
3. Needless to say, this error is manifesting itself in apt-get as well. I get "something wicked happened" errors all the time, and am unable to download or install anything.
That this is not a problem with the ISP is obvious because I also have Windows (from which I'm typing this, ironically), which is able to access the internet. Is this a bug in Ubuntu 10.10?
I have a problem with the logrotate of auth.log, it is not working. I tried using 'kill -HUP `cat /var/run/sshd.pid`'. This restarts sshd but does not create a new auth.log. Also tried "/etc/etc/init.d/ssh restart" and "/etc/init.d/ssh reload"
On Ubuntu 10.04 with x11Vnc server, if the screen requires logon (such as if locked or upon reboot), through the VNC terminal, I always get authentication error (incorrect password). Sitting at the keyboard, I can logon just fine. Once logged on, I can access everything through VNC just fine.
Error in auth.log (username = bob):
unix_chkpwd[3926]: password check failed for user (bob)
gnome-screensaver-dialog: pam_unix(gnome-screensaver:auth): authentication failure; logname= uid=1000
I've been using CentOS for quite a long time, and I've recently switched to Ubuntu 10.10 as a desktop. I'm having one small stumbling block, I can't seem to setup LDAP authentication via a GUI. I found this post here.
[URL]
Is there a GUI application that allows LDAP configuration similar to the Cent OS one?
Been a while but have a few scripts that need to hit a website that's local to that network, but also a public site. Currently there is an .htaccess in that folder with this lockdown;
Sometime after I upgraded to Ubuntu 9.10 I've been having trouble with my wireless network connection. It will usually log on to the network, then disconnect shortly after. Then try to connect again, usually successfully, then it cuts off again. Then connects again, then disconnects. FWIW, Ubuntu 9.10 works on a different machine pretty consistently, so I don't think it's a problem with the router.
I'm trying to add the -audit option to X Server. I run ps -ef | grep -v grep | grep "bin/X" and get:
root 2511 2506 0 10:35 tty7 00:00:09 /usr/bin/X:0 -br -verbose -auth /var/run/dgm/auth-for-gdm-sScn1P/database -nolisten tcp vt7
So I'm thinking that I need to add -audit to the /usr/bin/X file, but I believe that it's binary and created by something else, but I can't find that "something else". How on earth can I add this option? I have opened up 1,000,000,000,000,000,000,000 files (slight exaggeration) and I've come up empty.