similar to: fail2ban help

Hello list I'm trying to setup fail2ban specially sasl action but I'm facing problems. I have centos-release-5-9.el5.centos.1 and fail2ban-0.8.7.1-1.el5.rf installed with selinux disabled The errors I get are: INFO Creating new jail 'sasl-iptables' fail2ban.comm : WARNING Invalid command: ['add', 'sasl-iptables', 'polling'] I tried gemin against

Hello list I'm managing a web server with centos-release-5-9.el5.centos.1. I have php-5.1.6-40.el5_9 right now and I'd like to update it to php53. I wander if its easy or complicated. If somebody have any instructions I'd be very glad! Thank you in advance. Nikos -- Untitled Document ------------------------------------------------------------------------ *?????? ????? - Gatsis

Hello list. I'm trying to yum update my Centos 7 and have problem to update parallel. Is like file is missing: parallel-20190322-3.2.noarch.r FAILED http://download.opensuse.org/repositories/home%3A/tange/CentOS_7/noarch/parallel-20190322-3.2.noarch.rpm: [Errno 14] HTTP Error 404 - Not Found-:-- ETA Trying other mirror. Did i miss something? Thank you in advance. Nikos.

Hello list. I need suggestions or tutorial of installing centos on an notebook with win 8.1 already installed. Than you in advance. -- Untitled Document ------------------------------------------------------------------------ *?????? ????? - Gatsis Nikos* Web developer tel.: 2108256721 - 2108256722 fax: 2108256712 email: ngatsis at qbit.gr http://www.qbit.gr

Hello, fail2ban does not ban offending IP. NOTICE[29784] chan_sip.c: Registration from '"user3"<sip:1005 at asterisk-ip:5060>' failed for 'offending-IP:53417' - Wrong password NOTICE[29784] chan_sip.c: Registration from '"user3"<sip:1005 at asterisk-ip:5060>' failed for ?offending-IP:53911' - Wrong password systemctl status

I'm trying to setup and test fail2ban with dovecot I've installed fail2ban, I've copied config from https://wiki2.dovecot.org/HowTo/Fail2Ban, and, trying to test it, attempted multiple mail access with wrong password, but, get this: # fail2ban-client status dovecot-pop3imap Status for the jail: dovecot-pop3imap |- Filter | |- Currently failed: 0 | |- Total failed: 0 | `- File

Hello list A disk, part of a raid failed and I have to replace it. My problem is the swap partition which is in raid0. The rest partitions are in raid1 and I successfully removed them. The partition in swap cant removed because is probably active. How can I stop swap and remove partition? After replacing the faulty disk and rebuilt how I start swap again? Thank you in advance Nikos

Hello everybody. I have a simple question. If I clone an existing KVM image of win server with static IP, the clone will have the same IP? It's probably stupid question, but I want to be sure. I have a full updated centos 7 box. Thank you in advance. Nikos.

Hello list I have centos-release-5-7.el5.centos and today I noticed that there are some updates with yum. I try to update but something hapend with php-pear: file /usr/share/pear/.channels/__uri.reg from install of php-pear-1.4.9-8.el5.noarch conflicts with file from pa ckage php-pear-ole-0.5-2.el5.rf.noarch file

> On 26 Jul 2017, at 7:57 pm, Olaf Hopp <Olaf.Hopp at kit.edu> wrote: > > Dear collegues, > > many thanks for your valuable input. > > Since we are an university GEO-IP blocking is not an option for us. > Somestimes I think it should ;-) > > My "mistake" was that I had just *one* fail2ban filter for both cases: > "wrong password" and

If this is a small site, I recommend you download the free version of SecAst (www.telium.ca <http://www.telium.ca> ) and replace fail2ban. SecAst does NOT use the log file, or regexes, to match etc.instead it talks to Asterisk through the AMI to extract security information. Messing with regexes is a losing battle, and the lag in reading logs can allow an attacker 100+ registration

Hi to all, @Olaf Hopp I've this filter enabled for fail2ban, my question is: could my filters overlap or interfere with those suggested by you? this is my filter: Contents of /etc/fail2ban/jail.conf: [postfix] # Ban for 10 minutes if it fails 6 times within 10 minutes enabled = true port = smtp,ssmtp filter = postfix logpath = /var/log/mail.log maxretry = 6 bantime = 600

Does anyone have the filter strings for Fail2Ban 0.8 to block Dovecot 1.1 login failures? Thanks! Ciao, luigi -- / +--[Luigi Rosa]-- \ If the odds are a million to one against something occurring, chances are 50-50 it will.

For dovecot 2.1 as per wiki2, is this still valid? noticed a problem before and saw it does seem to be triggering, I use: maxretry = 6 findtime = 600 bantime = 3600 and there was like, 2400 hits in 4 minutes, it is pointing to the correct log file, but I am no expert with fail2ban, so not sure if the log format of today is compatible with the wiki2 entry filter.d/dovecot.conf [Definition]

Hello list. The next days we are going to install Centos 7 on a new server, with 4*3Tb sata hdd as raid-5. We will use the graphical interface to install and set up raid. Do I have to consider anything before installation, because the disks are very large? Does the graphical use the parted to set/format the raid? I hope the above make sense. Thank you in advance. Nikos

I need some help understanding SIP dialog. Some actor is trying to access my server, but I can't figure out what he's trying to do ,or how. I'm getting a lot of these warnings. [May 17 10:08:08] WARNING[1532]: chan_sip.c:4068 retrans_pkt: Retransmission timeout reached on transmission _zIr9tDtBxeTVTY5F7z8kD7R.. for seqno 101 With SIP DEBUG I tracked the Call-ID to this INVITE :

Tonight I added fail2ban to one of my webservers to test it out. Here is my step by step, as best as I could figure it out...documentation a bit sketchy. feel free to add anything to it or suggest changes. I tried to set it up to deal with ssh, http authentication, dovecot, ftp, and postfix I could find no working example for centos 6 and there is no fail2ban book available to peruse. So,

I've got an up-to-date Centos 5.8 and can't seem to get fail2ban to get rid of troublesome sshd login attempts. /etc/fail2ban/jail.conf has these sections: [ssh] enabled = true port = ssh filter = sshd logpath = /var/log/auth.log maxretry = 6 # Generic filter for pam. Has to be used with action which bans all ports # such as iptables-allports, shorewall [pam-generic] enabled =

I'm currently using postfix and dovecot, with dovecot authentication (with saslauthd) using mysql for accounts Is there any option available for me to help inhibit/prevent brute-force login attempts? Thx. Rick Rick Steeves http://www.sinister.net "The journey is the destination"

Hi, Is there any way to disable the "dovecot: " at the beginning of each line of the log? Fail2Ban responds poorly to it. I know there are a number of sites with "failregex" strings for Fail2Ban and Dovecot, but I've tried them all, and they don't work, at least with the latest Fail2ban and the latest Dovecot. The Fail2Ban wiki is pretty clear about why there