Koozali.org: home of the SME Server

fail2ban contribs on its way

Offline Jean-Philippe Pialasse

  • aka Unnilennium
    • http://smeserver.pialasse.com
fail2ban contribs on its way
« on: May 26, 2010, 06:07:52 PM »
Hello,

I am currently working on a fail2ban contrib. I would need some intrusion log examples in order to make some regex rules. Please send them to tests _at_ pialasse -dot- com.

You can look for the intrusions in these files:

- ftp : /var/log/ftp/ or /var/log/proftp
- imaps : /var/log/imaps/current
- pops : /var/log/pops/current
- imap : /var/log/imap/current
- pop : /var/log/pop/current
- qpsmtpd : /var/log/sqpsmtpd/current
- webmail : /var/log/httpd/error_log
- server manager : /var/log/httpd/error_log


I currently have some rules working for apache and php url open, as well as sshd (but denyhosts does it better).


I was also planning to make some esmith db in order to store banned IPs during fail2ban restart.




Offline pwalter

Re: fail2ban contribs on its way
« Reply #1 on: January 04, 2011, 07:47:05 AM »
Are we there yet? :-)
Are we there yet? :-)
Are we there yet? :-)

Offline Jean-Philippe Pialasse

Re: fail2ban contribs on its way
« Reply #2 on: January 05, 2011, 04:48:43 AM »
I still need some logs to train my regex.

But it's good to see that somebody is interested at least!

Offline Franco

Re: fail2ban contribs on its way
« Reply #3 on: January 05, 2011, 06:39:33 PM »
Count me in too ;)

I only use fail2ban to protect my asterisk, but it would be good to protect the other services.

Thanks,

Offline shawnbishop

Re: fail2ban contribs on its way
« Reply #4 on: January 06, 2011, 07:11:57 AM »
Good day

I am assuming this would be like the SSH DenyHosts contrib??

What would you be looking for exactly in the log files? Maybe I can provide some.

Offline Jean-Philippe Pialasse

Re: fail2ban contribs on its way
« Reply #5 on: January 06, 2011, 06:17:12 PM »
Hello,

I would like examples of what you consider an intrusion, like:
- bad password login attempt with http auth
- bad connection attempt into asterisk (Franco, if you already have some regex for it, send it to me too, telling me the kind of installation you have, like freepbx or another)


Open one of these logs, find an intrusion, and copy-paste it to my email (not in clear here):

- ftp : /var/log/ftp/ or /var/log/proftp
- imaps : /var/log/imaps/current
- pops : /var/log/pops/current
- imap : /var/log/imap/current
- pop : /var/log/pop/current
- qpsmtpd : /var/log/sqpsmtpd/current
- webmail : /var/log/httpd/error_log
- server manager : /var/log/httpd/error_log
or any other log file like the one for asterisk if you have another service you want to be added
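
The kind of rule discussed in this thread, for the "bad password login attempt with http auth" case in `/var/log/httpd/error_log`, as an added example (not code from the contrib or from fail2ban itself). The log lines are constructed in the Apache 2.2 error-log style, the `<HOST>` expansion is a simplified IPv4-only stand-in for fail2ban's own, and `find_bans` is a hypothetical helper that mimics the `maxretry`/`findtime` counting.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified IPv4-only stand-in for fail2ban's <HOST> tag (assumption for this example).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# Anchored at ^ so the host is always the [client ...] field Apache wrote,
# never text that happens to appear inside the user-supplied user name.
FAILREGEX = (r'^\[(?P<ts>[^\]]+)\] \[error\] \[client <HOST>\] user .*: '
             r'authentication failure for ".*": Password Mismatch\s*$')
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST))

# Constructed sample lines (documentation IP ranges), not real intrusion logs.
SAMPLE_LOG = """\
[Wed Jan 05 18:17:01 2011] [error] [client 203.0.113.5] user admin: authentication failure for "/server-manager": Password Mismatch
[Wed Jan 05 18:17:03 2011] [error] [client 203.0.113.5] user root: authentication failure for "/server-manager": Password Mismatch
[Wed Jan 05 18:17:04 2011] [error] [client 192.0.2.44] File does not exist: /var/www/html/favicon.ico
[Wed Jan 05 18:17:09 2011] [error] [client 203.0.113.5] user [client 198.51.100.7] user x: authentication failure for "/server-manager": Password Mismatch
[Wed Jan 05 18:20:00 2011] [error] [client 192.0.2.44] user bob: authentication failure for "/webmail": Password Mismatch
[Wed Jan 05 18:45:00 2011] [error] [client 192.0.2.44] user bob: authentication failure for "/webmail": Password Mismatch
[Wed Jan 05 18:45:30 2011] [error] [client 192.0.2.44] user bob: authentication failure for "/webmail": Password Mismatch
"""

def find_bans(lines, maxretry=3, findtime=600):
    """Return hosts with at least maxretry matching failures within findtime seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # host -> timestamps of failures still inside the window
    banned = []
    for line in lines:
        m = PATTERN.match(line)
        if not m:
            continue              # not an auth failure (e.g. "File does not exist")
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        host = m.group("host")
        hits = recent[host]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()        # forget failures older than findtime
        if len(hits) >= maxretry and host not in banned:
            banned.append(host)
    return banned

if __name__ == "__main__":
    print(find_bans(SAMPLE_LOG.splitlines()))
```
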

Offline apmuthu

Re: fail2ban contribs on its way
« Reply #6 on: January 26, 2011, 03:31:03 AM »
Rudimentary install notes for Fail2Ban on SME7 are at:
http://www.linuxexpert.ro/Linux-Tutorials/installing-fail2ban-on-centos5.html