I've used denyhosts. If you do have an issue with fail2ban, it does pretty much the same thing.

Andy

-------- Original Message --------
Subject: Re: [CentOS] fail2ban needs shorewall?
Date: Wed, 23 Jul 2008 17:08:07 +0200
From: Kai Schaetzl <maillists at conactive.com>
Reply-To: CentOS mailing list <centos at centos.org>
To: centos at centos.org
References: <VA.000032df.013be7a4 at news.conactive.com> <200807231353.49975.tony.molloy at ul.ie> <VA.000032e0.0165b628 at news.conactive.com> <200807231453.05336.tony.molloy at ul.ie>

Tony Molloy wrote on Wed, 23 Jul 2008 14:53:05 +0100:

> you can specify noarch on the install
> line.

that's what I did, I was just curious.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
_______________________________________________
CentOS mailing list
CentOS at centos.org
http://lists.centos.org/mailman/listinfo/centos

Andylockran wrote on Wed, 23 Jul 2008 17:43:45 +0100:

> If you do have an issue with fail2ban, it does pretty much the same thing.

fail2ban from rpmforge works fine. It's missing the filter for dovecot, though, and got wrong filters for many other services. Here are some that I just figured out:

dovecot:/var/log/secure
failregex = dovecot-auth: pam_unix\(dovecot:auth\): authentication failure; .* rhost=<HOST>

sasl:/var/log/maillog
failregex = postfix\/smtpd\[\d+\]: warning: unknown\[<HOST>\]: SASL LOGIN authentication failed:

vsftpd:/var/log/secure
failregex = vsftpd: .* authentication failure; .* rhost=<HOST>

I noticed that there are several failregex in the conf files that end with $. However, if I try that my rules fail, although they look like perfectly valid regex, so I'm not matching until the end of line.

Someone else can add to the list?

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
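
An added example, not part of the post above and not fail2ban's own code: it runs the three failregex lines over constructed log lines, once as posted and once with a trailing $, to show which hosts each form would catch. The HOST pattern is a simplified stand-in for fail2ban's <HOST> expansion, the dovecot pattern is written with ".*" before rhost, and the log lines and addresses are made up.

```python
import re

# Simplified stand-in for fail2ban's <HOST> expansion (assumption: the real
# pattern differs between fail2ban versions).
HOST = r"(?P<host>[\w.:-]+)"

# failregex lines from the post; the dovecot one uses ".*" before rhost,
# like the vsftpd one.
FAILREGEX = {
    "dovecot": r"dovecot-auth: pam_unix\(dovecot:auth\): authentication failure; .* rhost=<HOST>",
    "sasl": r"postfix\/smtpd\[\d+\]: warning: unknown\[<HOST>\]: SASL LOGIN authentication failed:",
    "vsftpd": r"vsftpd: .* authentication failure; .* rhost=<HOST>",
}

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    "Jul 23 17:01:02 mail dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=bob rhost=192.0.2.10  user=bob",
    "Jul 23 17:01:09 mail dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=nosuch rhost=192.0.2.11",
    "Jul 23 17:02:30 mail postfix/smtpd[4121]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: authentication failure",
    "Jul 23 17:03:44 mail vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=alice rhost=203.0.113.5  user=alice",
    "Jul 23 17:04:00 mail sshd[999]: Accepted password for alice from 203.0.113.5 port 2200 ssh2",
]

def compile_failregex(failregex):
    """Substitute the <HOST> tag and compile, as a filter loader would."""
    return re.compile(failregex.replace("<HOST>", HOST))

def banned_hosts(failregex, lines):
    """Return the host captured from every line the failregex matches."""
    rx = compile_failregex(failregex)
    return [m.group("host") for m in map(rx.search, lines) if m]

def compare_anchoring(name, lines=SAMPLE_LOG):
    """Hosts caught by the pattern as posted, and with '$' appended."""
    plain = FAILREGEX[name]
    return banned_hosts(plain, lines), banned_hosts(plain + "$", lines)

if __name__ == "__main__":
    for name in FAILREGEX:
        unanchored, anchored = compare_anchoring(name)
        print(f"{name:8} unanchored={unanchored} anchored={anchored}")
```

In the sample lines, the anchored form only matches where nothing follows the host, so any trailing field such as "user=bob" or the repeated SASL reason text makes the $ variant miss the failure.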