Displaying 18 results from an estimated 18 matches for "findtime".
2017 Mar 01
3
fail2ban Asterisk 13.13.1
...Active: active (running) since Wed 2017-03-01 00:40:43 PST; 470min ago
Docs: man:fail2ban(1)
jail.local
[DEFAULT]
# "bantime" is the number of seconds that a host is banned.
bantime = -1
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 300
# "maxretry" is the number of failures before a host get banned.
maxretry = 3
[asterisk-iptables]
enable = true
port = 5060,5061
filter = asterisk
action = iptables-allports[name=ASTERISK, protocol=all]
sendmail[name=A...
2017 Jul 27
1
under another kind of attack
...> Sometimes I think it should ;-)
>
> My "mistake" was that I had just *one* fail2ban filter for both cases:
> "wrong password" and "unknown user".
>
> Now I have two distinct jails:
> The first one just for "wrong password" and here the findtime, bantime, retries
> are tolerant to typos.
>
> And I have a new one just for "unknown user" and here my bantime and findtime
> are much bigger and the retries are just '2'. So here I'm much harsher.
> I'll keep an eye on my logs and maybe some more twaeking...
2017 Mar 02
3
fail2ban Asterisk 13.13.1
...ehalf Of Tech Support
Sent: Wednesday, March 1, 2017 2:37 PM
To: 'Asterisk Users Mailing List - Non-Commercial Discussion'
<asterisk-users at lists.digium.com>
Subject: Re: [asterisk-users] fail2ban Asterisk 13.13.1
It's possible that you need to increase the value of 'findtime' to
something greater than 300 secs. You also may want to set "timestamp = yes"
in asterisk.conf so each line in the CLI will be time stamped. Time stamping
it will be the definitive determination on whether or not the 'findtime' is
the culprit.
Regards;
John V.
From:...
2013 Oct 04
4
fail2ban
For dovecot 2.1
as per wiki2, is this still valid? noticed a problem before and saw
it does seem to be triggering, I use:
maxretry = 6
findtime = 600
bantime = 3600
and there was like, 2400 hits in 4 minutes, it is pointing to the
correct log file, but I am no expert with fail2ban, so not sure if the
log format of today is compatible with the wiki2 entry
filter.d/dovecot.conf
[Definition]
failregex = (?: pop3-login|imap-login): (?:Authe...
2020 Apr 09
2
fail2ban firewalld problems with current CentOS 7
...09 09:26:13,838 fail2ban.filter [8545]: INFO maxRetry: 1
2020-04-09 09:26:13,838 fail2ban.filter [8545]: INFO encoding: UTF-8
2020-04-09 09:26:13,839 fail2ban.actions [8545]: INFO banTime: 172800
2020-04-09 09:26:13,839 fail2ban.filter [8545]: INFO findtime: 3600
2020-04-09 09:26:13,840 fail2ban.filter [8545]: INFO Added logfile: '/var/log/httpd/ssl_error_log' (pos = 588859, hash = 755a00cfc09ef9b2f76d78cff61ea766)
2020-04-09 09:26:13,840 fail2ban.filter [8545]: INFO Added logfile: '/var/log/httpd/error_log' (pos...
2017 Jul 26
1
under another kind of attack
Olaf Hopp <Olaf.Hopp at kit.edu> wrote:
> And I have a new one just for "unknown user" and here my bantime and findtime
> are much bigger and the retries are just '2'. So here I'm much harsher.
> I'll keep an eye on my logs and maybe some more twaeking is necessary.
Just be careful about typos (like twaeking!): users could simply misspell
their username, or get mixed up with some another accou...
2010 Aug 09
1
fail2ban behavior
I created a filter and verified it with fail2ban-regex against
actual lines in my log and it works. During restarts of fail2ban,
only some previous ip's get banned immediately whereas some need a
reoccurrence despite the jail's config specification of maxretry and
findtime suggesting the entries mandate blocking.
I'd assume the behavior after a restart is noe way if it weren't for
the seemingly random immediate notification of blocks being different?
Anyone with experience using fail2ban know anything about this?
Thanks,
jlc
2017 Jul 29
1
under another kind of attack
...ilters overlap or interfere with those suggested by you?
this is my filter:
Contents of /etc/fail2ban/jail.conf:
[postfix]
# Ban for 10 minutes if it fails 6 times within 10 minutes
enabled = true
port = smtp,ssmtp
filter = postfix
logpath = /var/log/mail.log
maxretry = 6
bantime = 600
findtime = 600
Contents of /etc/fail2ban/filter.d/postfix.conf:
# Fail2Ban configuration file
# Author: Cyril Jaquier
# $Revision$
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host"...
2019 Apr 29
2
fail2ban detecting and banning but nothing happens
....227.253.100
45.227.253.100
[root at ollie2 ~]# fail2ban-client set exim banip 46.232.112.21
46.232.112.21
[root at ollie2 ~]#
and the lines are still appearing. Here is my jail.local. (I did also try directly editing jail.conf to update the port commands).
[DEFAULT]
# set a higher bantime and findtime
bantime=3600000
findtime=1200
# set the IP's to ignore / not ban
ignoreip = 127.0.0.1/8 10.0.0.0/8
# set max number of attempts
maxretry = 3
# set mail receiver
destemail = fail2ban at ringways.co.uk
sender = fail2ban at ringways.co.uk
# enable sending mails, whois and logfile sections by choos...
2017 Jul 26
0
under another kind of attack
...locking is not an option for us.
Sometimes I think it should ;-)
My "mistake" was that I had just *one* fail2ban filter for both cases:
"wrong password" and "unknown user".
Now I have two distinct jails:
The first one just for "wrong password" and here the findtime, bantime, retries
are tolerant to typos.
And I have a new one just for "unknown user" and here my bantime and findtime
are much bigger and the retries are just '2'. So here I'm much harsher.
I'll keep an eye on my logs and maybe some more twaeking is necessary.
Another i...
2017 Jul 25
10
under another kind of attack
Hi folks,
"somehow" similar to the thread "under some kind of attack" started by "MJ":
I have dovecot shielded by fail2ban which works fine.
But since a few days I see many many IPs per day knocking on
my doors with wrong password and/or users. But the rate at which they are knocking
is very very low. So fail2ban will never catch them.
For example one IP:
Jul 25
2019 Apr 26
5
fail2ban detecting and banning but nothing happens
On Friday 19 April 2019 16:15:32 Kenneth Porter wrote:
> On 4/19/2019 5:30 AM, Gary Stainburn wrote:
> > I've followed one of the pages on line specifically for installing fail2ban on
> > Centos 7 and all looks fine.
>
> Which page? It would help to see what they advised.
2018 May 17
2
Decoding SIP register hack
I need some help understanding SIP dialog. Some actor is trying to
access my server, but I can't figure out what he's trying to do, or how.
I'm getting a lot of these warnings.
[May 17 10:08:08] WARNING[1532]: chan_sip.c:4068 retrans_pkt:
Retransmission timeout reached on transmission
_zIr9tDtBxeTVTY5F7z8kD7R.. for seqno 101
With SIP DEBUG I tracked the Call-ID to this INVITE :
2017 Dec 17
1
ot: fail2ban dovecot setup
...ently banned: 0
|- Total banned: 0
`- Banned IP list:
(1)
# cat jail.local
[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,imap",
protocol=tcp]
logpath = /var/log/dovecot.log
maxretry = 5
findtime = 300
bantime = 3600
ignoreip = 127.0.0.1 127.0.0.0/8
[postfx-sasl]
enabled = true
filter = postfix-sasl
action = iptables-multiport[name=postfix,
port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve",
protocol=tcp]
# sendmail[name=Postfix, dest=you...
2016 Mar 10
0
[ISC Crosspost] Novel method for slowing down Locky on Samba server using fail2ban
...amba.conf in /etc/fail2ban/jail.d/
[samba]
filter = samba
enabled = true
action = iptables-multiport[name=samba, port="135,139,445,137,138",
protocol=tcp]
mail[name=samba, dest=admin at MYDOMAIN.DE]
logpath = /var/log/syslog
maxretry = 1 #block after first attempt
findtime = 600 #always look at the last 10 minutes
bantime = 86400 #24 hour ban
[samba]
filter = samba
enabled = true
action = iptables-multiport[name=samba, port="135,139,445,137,138",
protocol=tcp]
mail[name=samba, dest=admin at MYDOMAIN.DE]
logpath = /var/log/sysl...
2018 May 17
3
Decoding SIP register hack
....,2,Set(CDR(UserField)=SIP PEER IP: ${CHANNEL(peerip)})
> exten => _+X.,3,HangUp()
>
>
>
> in /etc/fail2ban/jail.conf:
>
> [asterisk]
> filter   = asterisk
> action = iptables-allports[name=ASTERISK]
> logpath  = /var/log/asterisk/messages
> maxretry = 1
> findtime = 86400
> bantime  = 518400
> enabled = true
>
>
> in /etc/fail2ban/filter.d
>
> # Fail2Ban configuration file
> #
> #
> # $Revision: 250 $
> #
>
> [INCLUDES]
>
> # Read common prefixes. If any customizations available -- read them from
> #...
2016 Aug 20
4
What is broken with fail2ban
Hello List,
with CentOS 7.2 it is no longer possible to run fail2ban on a server?
I install a new CentOS 7.2 and the EPEL directory
yum install fail2ban
I don't change anything only I create a jail.local to enable the Filters
[sshd]
enabled = true
....
.....
When I start afterward fail2ban
systemctl status fail2ban is clean
But systemctl status firewalld is broken
● firewalld.service -
2017 Dec 16
7
ot: fail2ban dovecot setup
I'm trying to setup and test fail2ban with dovecot
I've installed fail2ban, I've copied config from
https://wiki2.dovecot.org/HowTo/Fail2Ban, and, trying to test it,
attempted multiple mail access with wrong password, but, get this:
# fail2ban-client status dovecot-pop3imap
Status for the jail: dovecot-pop3imap
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- File