I installed fail2ban from the Ubuntu Software Center (Ubuntu 10.10) and everything seemed to go fine. But when I try to access the client I get this output:
Code:
wolfgang@Culture:/var/log$ fail2ban-client status
ERROR Unable to contact server. Is it running?
[code]....
I'm trying to implement this method to block php injection attack using fail2ban: here it is, however I'm not sure it applies to Ubuntu. You see, there's this filter that must be added to the fail2ban jail file:
HTML Code:
[php-url-fopen]
enabled = true
port = http,https
filter = php-url-fopen
[Code]....
Currently suffering from this bug:If you don't want to read the whole thing, it appears fail2ban overloads IPTables when you have too many jails, and sends a whole load of commands at once.I attempted to use the workaround making it sleep for a random period of time, but this does not help at all, it still fails like it used to.Any ideas? Fail2ban is a pretty popular app...Ubuntu 9.10.
Code:
$ aptitude show fail2ban
Package: fail2ban
[code]...
I have been trying for days now to get this to work. didn't want to bother people with my questions, i have installed Fail2Ban 0.8.4 on CentOS 5.4.
I get the email notifications from Fail2Ban stating that it just blocked another IP, however, when i look at the iptables through webmin, nothing is actually in there, also the log/secure file dose not show that the ip has been blocked.
Even when I try to log-in with the wrong password, after a few tries i get the email telling me that my ip is blocked, however, I can still SSH using my 'blocked' IP.
I yesterday installed fail2ban on my server and I see I am not getting logs for the genuine people also who log in to my machine.In
Quote:
/var/log/auth.log
It is a Ubuntu server and I had installed fail2ban via
Quote:
apt-get install
I thought some thing might be in
Quote:
/var/log/fail2ban.log
but there I do not see any thing
Quote:
2011-02-10 20:26:35,002 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2011-02-10 20:26:35,003 fail2ban.jail : INFO Creating new jail 'ssh'
2011-02-10 20:26:35,003 fail2ban.jail : INFO Jail 'ssh' uses poller
2011-02-10 20:26:35,031 fail2ban.filter : INFO Added logfile = /var/log/auth.log
[Code].....
Is there a firewall installed and running in 10.04? If so are there any gui tools for configuring it and where are they? If there is not a firewall, what should I install to get one properly up and running?
View 2 Replies View RelatedIs there a way to to check if the system has the available security updates installed? Specifically, I am looking to do this programmatically.
View 1 Replies View RelatedCurrently suffering from this bug:If you don't want to read the whole thing, it appears fail2ban overloads IPTables when you have too many jails, and sends a wholeload of commands at once.I attempted to use the workaround making it sleep for a random period of time, but this does not help at all, it still fails like it used to.Any ideas? Fail2ban is a pretty popular app...Ubuntu 9.10.
Code:
$ aptitude show fail2ban
Package: fail2ban
[code]...
My fail2ban won't block relay attempts (it does block ssh)
mail.log contains lots of
Code:
NOQUEUE: reject: RCPT from 118-167-6-196.dynamic.hinet.net[118.167.6.196]: 554 5.7.1 <333@fgytry.myip.org>: Relay access denied
jail.conf
[Code]....
I'm trying to use a technique suggested by a fella at this website....
[URL]
He suggests adding an echo line to the actionban line in order to create or add to a file that will contain a list of all the IP's that fail2ban has banned.....but it doesn't seem to generate any output. .....here is the command.....
actionban = iptables -I fail2ban- 1 -s -j DROP
echo >> /etc/shitlist
I never get any IP's in the file so the echo part does not seem to work.
I'm getting loads of hacking attempts on my pop3 daemon. Looks like fail2ban is not stopping it. How to ban these type of attacks?
Dec 2 12:14:49 sosaria pop3d: Disconnected, ip=[::ffff:109.81.181.238]
Dec 2 12:14:49 sosaria pop3d: Connection, ip=[::ffff:109.81.181.238]
Dec 2 12:14:49 sosaria pop3d: LOGIN FAILED, user=duky, ip=[::ffff:109.81.181.238]
Dec 2 12:14:54 sosaria pop3d: Disconnected, ip=[::ffff:109.81.181.238]
Dec 2 12:14:54 sosaria pop3d: Connection, ip=[::ffff:109.81.181.238]
[Code] ....
I've got in my /etc/fail2ban/jail.local:
[dovecot]
enabled = true
port = pop3,pop3s,imap,imaps
filter = dovecot
logpath = /var/log/mail.log
maxretry = 3
[Code] .....
i have fail2ban on server but everytime fail2ban conducts a log rotation it unbans all the banned IP's. I have ip's to be banned for a week whenever a log rotation happens or i restart fail2ban i dont want all the ip's released! I was thinking there was a script or patch that would fix this but i have come up short.
View 2 Replies View RelatedI've had fail2ban setup for awhile for my SSH server, and that works beautifully (I had someone I knew attempt to access it and get banned) however I then tried to set it up to ban people scanning my webserver for lots of other pages which dont exist (and have never been linked to) such as phpMyAdmin.
In my jail.conf I have:
Code:
However Looking at this I realise I need to edit the filter.d/apache-error.conf
I'm not sure exactly how to setup the regex to ban the correct hosts
The errors from the scanners are like this:
Code:
I am having issues getting yum to work with the repos for fail2ban and denyhosts. I followed the centos link on installing/cfg repos. However every time i run yum install fail2ban or denyhosts it does not find the software. I read in several google searches that I should be able to install it using yum. Is that info wrong? These are the link I was s reading too from centos. [URL]. I know I can download the rpm or a tar file but I would like to keep it in sync with yum if possible. May be I have the wrong repo? CentOSPlus is enabled also.
View 3 Replies View RelatedI was wondering about the security implications of running a GUI in a VM. I know that a GUI adversely affects security, but don't know how this works when visualization is thrown into the mix.
1. Is the security of the host OS affected by the presence of a guest OS with a GUI, or is it just the guest OS that would take the hit?
2. If the host OS does not have a GUI, and the guest OS does have a GUI, would it be possible to see the GUI of the guest OS?
Is there a way I can run my Windows Vista operating system that is already installed, on a virtual machine while on Ubuntu? I don't want to keep rebooting. The only reason I have my Vista partition is for Maplestory. ( A game that has gameguard which can't run under wine)
View 2 Replies View RelatedCan we create an ISO of installed/running fedora system?
View 3 Replies View RelatedWhen I installed CentOS v5, I declined the FTP server that cane with it because I have used and prefer ProFTPd. Now I'm not so sure what's running. How do I check what FTP is installed and / or running? ALSO there seem to be TWO ProFTPd conf files, one at:
[code]...
They have different content. Which is the one that is being used?
I currently have a windows server running with XAMPP installed.I want to try out ubuntu server, I am a complete linux newbie and was wondering if there was a similar package to XAMPP out there with:ApachePHPMySQLAnd some form of ftp server
View 5 Replies View RelatedSounds crazy, I know... but I have a need for testing....
Is it possible to get a version of FireFox2 installed and running on Fedora 13?
i have installed packets for running G++ command but when i compiled the .cpp file it was showing iostream.h file not found then i remove .h extentions from #include <iostream.h> and all other include headers as well in cpp source file then this iostream.h not found option gone but still some files are missing and my program is not running
View 1 Replies View Relatedi am trying to script an visualization application, grads, to generate a bunch of maps in a preprocessing batch.The application normally takes input from the console and launches an X window to display the results in. After the results are display, you can write them to an image fileis there a way to set the X display to be some kind of null device that ignores all the input and output?
View 2 Replies View RelatedI'm running 10.04 without having installed a firewall is that ok? because, i'm also bugged by audio/video and mouse problems which build up and i must warm boot to remedy. (although the drum fanfare at start-up doesn't sound quite right ether?). furthermore i would like to open the port for my torrent client Transmission, but the elements of the web pge (192.168.1.1) are flickering.
View 5 Replies View RelatedI'm running fedora 14, installed on one box, and live on about 3 others. I know there are work arounds for some things and not others, so I just want to ask about keeping some of my favorite games; Diablo II, Settlers III, and seriously, Entropia Universe. These games require direct draw, directx, and so on.
View 3 Replies View RelatedI've just setup a new Ubuntu Server 10.10 serving SVN through Apache (HTTP, HTTPS).It seems all ports are open by default on this new server. Why is this? Do I need to lock it down with iptables, or is it secure as it is anyway (somehow)?
View 6 Replies View RelatedCan I have both ufw and iptables running together? My server is currently using ufw, if I add an iptables rule will it have any effect?
View 6 Replies View RelatedIs there a unique command ( common to all Linux Distros, Solaris, Windows ) to know whether a service is installed and running on my system or not??
View 5 Replies View RelatedI have just installed joomla and proceeded to do the web install. Got the interface up and running and its now complaining it does not see the mysql server running. I do in fact have it running. Veryfied it with mysql command on command line and it complained with missing attributes.
I read a thread that it needs php-mysql installed. So went to proceed to install it. Well, I did not have that and went to install it. Verified it. Package mysql-server-5.0.77-3.el5.i386 already installed and latest version
I then did a service mysql reset.
Checked back at the joomla web install interface and still, it says there is no mysql support! What is next? Im running centos OS. Also, I am running LAMP
I've installed Clamav antivirus from synaptics but I can't find it on any menu now. How can I run it?
View 4 Replies View RelatedI recently installed Ubuntu Linux and did not encrypt the home directory during the install. Now I want to encrypt my home directory, or even better the whole hard drive.
View 2 Replies View Related