Displaying 20 results from an estimated 8000 matches similar to: "issue with fail2ban letting IP's through"
2015 Mar 10
2
Fail2Ban Centos 7 is there a trick to making it work?
On Mon, March 9, 2015 13:11, John Plemons wrote:
> Been working on fail2ban, and trying to make it work with plain Jane
> install of Centos 7
>
> Machine is a HP running 2 Quad core Xeons, 16 gig or ram and 1 plus TB
> of disk space. Very generic and vanilla.
>
> Current available epel repo version is fail2ban-0.9.1
>
> Looking at the log file, fail2ban starts and stops
2015 Mar 09
1
Fail2Ban Centos 7 is there a trick to making it work?
Been working on fail2ban, and trying to make it work with plain Jane
install of Centos 7
Machine is a HP running 2 Quad core Xeons, 16 gig or ram and 1 plus TB
of disk space. Very generic and vanilla.
Current available epel repo version is fail2ban-0.9.1
Looking at the log file, fail2ban starts and stops fine, there isn't
output though showing any login attempts being restricted.
2018 Jan 02
2
SIP invite timeouts : how is someone sending invites from our server ??
On 12/30/2017 08:18 PM, Dovid Bender wrote:
> Script kiddies trying to find vulnerable systems that they can make
> calls on. Lock down the box with iptables and use fail2ban to block
> them. The via is probably bogus unless a box at the DoD was comprimised.
>
>
>
> On Sat, Dec 30, 2017 at 6:49 PM, sean darcy <seandarcy2 at gmail.com
> <mailto:seandarcy2 at
2014 Dec 27
1
Fail2ban mail failures ???
-----Original Message-----
From: ????????? ???????? <nevis2us at infoline.su>
Reply-to: CentOS mailing list <centos at centos.org>
To: CentOS mailing list <centos at centos.org>
Subject: Re: [CentOS] Fail2ban mail failures ???
Date: Fri, 26 Dec 2014 21:30:39 +0300
Robert G. (Doc) Savage ????? 2014-12-26 20:39:
> I'm using fail2ban with CentOS 6.6. Something is causing
2016 Aug 20
4
What is broken with fail2ban
Hello List,
with CentOS 7.2 it is not longer possible to run fail2ban on a Server ?
I install a new CentOS 7.2 and the EPEL directory
yum install fail2ban
I don't change anything only I create a jail.local to enable the Filters
[sshd]
enabled = true
....
.....
When I start afterward fail2ban
systemctl status fail2ban is clean
But systemctl status firewalld is broken
? firewalld.service -
2012 Oct 17
2
CentOS 6.3 - fail2ban not working properly + workaround
I recall others on this list are using fail2ban to block brute force
login attempts.
Packages are from the EPEL repo, so I'm just sharing some knowledge here.
For about two months now I've had a CentOS 6.3 box (web host) in
production that occasionally is ftp brute forced.
Oddly enough fail2ban wasn't nabbing the perpetrators. I found that
the iptables chain for VSFTP isn't
2017 Dec 16
7
ot: fail2ban dovecot setup
I'm trying to setup and test fail2ban with dovecot
I've installed fail2ban, I've copied config from
https://wiki2.dovecot.org/HowTo/Fail2Ban, and, trying to test it,
attempted multiple mail access with wrong password, but, get this:
# fail2ban-client status dovecot-pop3imap
Status for the jail: dovecot-pop3imap
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- File
2011 May 08
2
fail2ban and secure permissions
Hello,
Has anyone got fail2ban working and blocking ssh spambot atempts? My
ssh is logging with a facility of authpriv which syslogd sends to
/var/log/secure. That file has 600 permissions owned and group of
root. I want to make it where fail2ban can access the needed file, yet
not make it insecure in the process. I was not wanting to change
permissions last time I did that on a log file a cron
2011 Nov 04
2
Can't run fail2ban 0.8.4 [CentOS 6]
Hi,
To begin I'm sorry for my poor English level, that's not my first language.
On CentOS 6 I've installed fail2ban 0.8.4 from EPEL repository. I've
configured it with this page : http://centoshelp.org/security/fail2ban/
Then I've tried this command :
chkconfig --level 23 fail2ban on && service fail2ban start
but the output says it fallen, nothing more. The status
2020 Apr 09
2
fail2ban firewalld problems with current CentOS 7
Hi!
I have a server running CentOS 7.7 (1908) with all current patches installed.
I think this server should be a quite standard installation with no specialities
On this server I have fail2ban with an apache and openvpn configuration.
I'm using firewalld to manage the firewall rules.
Fail2an is configured to use firewalld:
[root at server ~]# ll /etc/fail2ban/jail.d/
insgesamt 12
2012 Apr 20
2
fail2ban attempt, anyone want to add anything?
Tonight I added fail2ban to one of my webservers to test it out.
Here is my step by step, as best as I could figure it
out...documentation a bit sketchy.
feel free to add anything to it or suggest changes.
I tried to set it up to deal with ssh, http authentication, dovecot,
ftp, and postfix
I could find no working example for centos 6 and there is no fail2ban
book available to peruse.
So,
2020 Apr 17
2
[SOLVED] fail2ban firewalld problems with current CentOS 7
On 13/04/20 1:30 pm, Orion Poplawski wrote:
> On 4/9/20 6:31 AM, Andreas Haumer wrote:
> ...
>> I'm neither a fail2ban nor a SELinux expert, but it seems the
>> standard fail2ban SELinux policy as provided by CentOS 7 is not
>> sufficient anymore and the recent updates did not correctly
>> update the required SELinux policies.
>>
>> I could report this
2017 Dec 17
1
ot: fail2ban dovecot setup
On Mon, December 18, 2017 3:06 am, Alex JOST wrote:
> Did you enable the dovecot service in fail2ban? By default all jails are
> disabled.
>
> /etc/fail2ban/jail.conf:
> [dovecot]
> enabled = true
Alex, thanks
no, not in jail.conf, I've put it in the
(1)
/etc/fail2ban/jail.local
I've also added postfix, that seems to work:
I've made test failed dovecot and
2020 May 22
1
fail2ban setup centos 7 not picking auth fail?
I'm trying to set up fail2ban with dovecot, I have it working on 'old'
server Centos 6, but, not getting anywhere with 'new' server on Centos 7
using standard filters
I've copied same 'filter' to new server, still get nothing
any idea how to figure this out ?
on old server, it logs to syslog/messages
CentOS release 6.10 (Final) dovecot 2.3.10.1 (a3d0e1171)
old #
2013 Apr 10
3
fail2ban problem
Hello list
I'm trying to setup fail2ban specially sasl action but I'm facing problems.
I have centos-release-5-9.el5.centos.1
and
fail2ban-0.8.7.1-1.el5.rf
installed
with selinux disabled
The errors I get are:
INFO Creating new jail 'sasl-iptables'
fail2ban.comm : WARNING Invalid command: ['add', 'sasl-iptables',
'polling']
I tried gemin against
2011 Aug 09
3
fail2ban help
Hello list.
I have a question for fail2ban for bad logins on sasl.
I use sasl, sendmail and cyrus-imapd.
In jail.conf I use the following syntax:
[sasl-iptables]
enabled = true
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
sendmail-whois[name=sasl, dest=my at email]
logpath = /var/log/maillog
maxretry = 6
and the following filter:
2014 Dec 26
4
Fail2ban mail failures ???
I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's
alerts sent to root's mail to be rejected. Here's a clip from one of the
error messages:
Message 48:
From MAILER-DAEMON at lion.protogeek.org Sun Dec 21 03:09:20 2014
Return-Path: <MAILER-DAEMON at lion.protogeek.org>
Date: Sun, 21 Dec 2014 03:09:19 -0600
From: Mail
2012 May 28
1
anyone care to helop with a fail2ban problem on Centos 5.8?
I've got an up-to-date Centos 5.8 and can't seem to get fail2ban to
get rid of troublesome sshd login attempts. /etc/fail2ban/jail.conf
has these sections:
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6
# Generic filter for pam. Has to be used with action which bans all ports
# such as iptables-allports, shorewall
[pam-generic]
enabled =
2012 Mar 18
4
fail2ban
Hi,
I realise that one can simply start fail2ban and then it will insert its
own ruleset before shorewall''s ruleset. Are there subscribers to this
list having alternative (and probably better) ways to use both fail2ban
and shorewall?
Thanks,
Mark
------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90
2010 Aug 09
1
fail2ban behavior
I created a filter and verified it with fail2ban-regex against
actual lines in my log and it works. During restarts of fail2ban,
only some previous ip's get banned immediately whereas some need a
reoccurrence despite the jail's config specification of maxretry and
findtime suggesting the entries mandate blocking.
I'd assume the behavior after a restart is noe way if it weren't for