10-16-2007
fail2ban
Quote:
Originally Posted by
rdns
since putting my pc online, it keeps getting slower and i dig the logfile to have such a surprise
You really should look into a neat program called "fail2ban". I have it running on a Debian-server and it's great.
You can configure how many retries someone has after a password-failure and how long they are banned (two hours in my case). It continually scans your /var/log/auth.log and acts. Check out
Main Page - Fail2ban for more info.
Quote:
2007-10-14 15:28:26,088 fail2ban.actions: WARNING [ssh] Ban 61.146.178.13
2007-10-14 17:28:26,809 fail2ban.actions: WARNING [ssh] Unban 61.146.178.13
2007-10-15 19:27:09,866 fail2ban.actions: WARNING [ssh] Ban 218.234.170.147
2007-10-15 21:27:10,316 fail2ban.actions: WARNING [ssh] Unban 218.234.170.147
7 More Discussions You Might Find Interesting
1. Cybersecurity
REPLAY ATTACK.
Can some one elobrate on measures to encounter this problem of replay atack on network. (3 Replies)
Discussion started by: Ashvin Gaur
3 Replies
2. Cybersecurity
About 3 days ago our Apache logs started filling with the following errors:
mod_ssl: SSL handshake failed (server <weberver>:443, client 41.235.234.172) (OpenSSL library error follows)
OpenSSL: error:1408A0B7:SSL routines:SSL3_GET_CLIENT_HELLO:no ciphers specified
These initially were... (1 Reply)
Discussion started by: ccj4467
1 Replies
3. Cybersecurity
Hi,
I have a belkin router installed and a look at the security log has got me worried a little bit.
Security log:
Fri Jan 29 20:41:46 2010
=>Found attack from 68.147.232.199.
Source port is 58591 and destination port is 12426 which use the TCP protocol.
Fri Jan 29 20:41:46 2010 ... (1 Reply)
Discussion started by: jld
1 Replies
4. Cybersecurity
In my logs I find entries about attacks on my system. I know IP addresses, I know date and time and I know what they tried to do. So what's the best I can do now? Tell everybody that there are cybercriminals on that network? Write an email to their admin? Anything else? (10 Replies)
Discussion started by: Action
10 Replies
5. Cybersecurity
Is this an attack attempt? I got an e-mail from 'uucp Admin' last night and again this morning:
What does it mean and what can I do about it? Thanks (4 Replies)
Discussion started by: ctafret
4 Replies
6. UNIX for Dummies Questions & Answers
Hi everyone,
I've got an extensive collection of seismic files that I am trying to turn into workable subsurface data collection. It's all real-time history and it is being loaded onto the main linux computer from a collection of about 1000 CDs. There are about 4000 seismic files on each CD, and... (3 Replies)
Discussion started by: ws6transam
3 Replies
7. Emergency UNIX and Linux Support
Dear community,
my site was recently attacjed by DDOS technique and goes down in a few minutes. My site runs under Debian/Apache2/Mysql.
I identified the IPs who attack me and block it through iptable firewall from debian.
Something like:
iptables -D INPUT -s xxx.xxx.xxx.xxx -j DROP
This... (7 Replies)
Discussion started by: Lord Spectre
7 Replies
LEARN ABOUT DEBIAN
fail2ban-regex
FAIL2BAN-REGEX(1) User Commands FAIL2BAN-REGEX(1)
NAME
fail2ban-regex - test Fail2ban "failregex" option
SYNOPSIS
fail2ban-regex [OPTIONS] <LOG> <REGEX> [IGNOREREGEX]
DESCRIPTION
Fail2Ban v0.8.2 reads log file that contains password failure report and bans the corresponding IP addresses using firewall rules.
This tools can test regular expressions for "fail2ban".
OPTIONS
-h, --help
display this help message
-V, --version
print the version
LOG
string a string representing a log line
filename
path to a log file (/var/log/auth.log)
REGEX
string a string representing a 'failregex'
filename
path to a filter file (filter.d/sshd.conf)
IgnoreRegex:
string a string representing an 'ignoreregex'
filename
path to a filter file (filter.d/sshd.conf)
AUTHOR
Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>. Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>.
REPORTING BUGS
Report bugs to <cyril.jaquier@fail2ban.org>
COPYRIGHT
Copyright (C) 2004-2008 Cyril Jaquier
Copyright of modifications held by their respective authors. Licensed under the GNU General Public License v2 (GPL).
SEE ALSO
fail2ban-client(1) fail2ban-server(1)
fail2ban-regex v0.8.2 March 2008 FAIL2BAN-REGEX(1)