|
|
Sponsored Content
Special Forums
Windows & DOS: Issues & Discussions
Fail2ban: email notifications and banning ssh IP logins
Post 302880763 by synthesis on Monday 23rd of December 2013 06:57:10 AM
12-23-2013
Fail2ban: email notifications and banning ssh IP logins
|
|
10 More Discussions You Might Find Interesting
1. Post Here to Contact Site Administrators and Moderators
I'm trying to disable the email notifications; despite going into my control panel and selecting NO next to Use 'Email Notification' by default? I keep getting email notifications anyway! And I know I've never selected the checkbox next to Email Notification: emails sent to you whenever someone... (2 Replies)
Discussion started by: oombera
2 Replies
2. Shell Programming and Scripting
Hi everyone,
I am in the process of trying to decide the correct way to solve a particular scripting/email issue I have and would appreciate any advice.
We have a cronjob running every 10 mins to check disk size on the server and if this exceeds a certain percentage then it will email a... (2 Replies)
Discussion started by: si_linux
2 Replies
3. Post Here to Contact Site Administrators and Moderators
Hi.
On 09-05-2007 Neo posted that new servers were on their way.
1) It would be nice to hear of occasional progress. As far as I can tell, there has not been much of a change. The notice that is posted every now and then talks about a new server "this week". (In fact as I was previewing... (1 Reply)
Discussion started by: drl
1 Replies
4. AIX
Hi,
I have a crontab which sents email to a group in a certain interval. The email contains my user id in 'from' field of email - because my user crontab.
I don't have root access for that AIX 5.3 host - and should have to change 'from' field to either 'root' or any other common names.
... (4 Replies)
Discussion started by: vasukv
4 Replies
5. Solaris
Hi,
Does any one know how to configure email notifications (to exchange) in Oracle Enterprise Manager 11g OPS Center?
I have gone through the documentation and have done everything it asked, but still no notifications via email. I get the following error:
At the OS level i tried sending email... (20 Replies)
Discussion started by: Mack1982
20 Replies
6. Solaris
For work, I need a box to show all logins made recently upon a successful login. Sort of a banner showing previous logins. Not sure how to go about this. (2 Replies)
Discussion started by: LittleLebowski
2 Replies
7. Shell Programming and Scripting
Wondering if anyone can point me to an example of how to setup a bash script that executes cp mv and rsync commands and only sends an email if there were errors with any of those commands and what the errors are. In addition it should email if the cron event to execute the script fails, or in... (1 Reply)
Discussion started by: consultant
1 Replies
8. HP-UX
I have just switched my production server from using the br_backup script that uses fbackup to the fs_backup script that uses PAX. Things seem to work fine and test restores are successful, but I'm not getting a daily e-mail with the backup results that I used to get from the br_backup script. ... (2 Replies)
Discussion started by: jduehmig
2 Replies
9. Shell Programming and Scripting
HI all
i need to connect to about 900 cisco routers and switch to do some configs changes. the issue i am having is that half the devices have one set of username and password and the other half have another username and password. From expect or bash script i can ssh into a device and make... (0 Replies)
Discussion started by: quintin
0 Replies
10. UNIX for Advanced & Expert Users
Hi Team,
Can you please help me on this, I want to receive an email notification whenever new directory is created under the path /home/data.
Am using bash shell.
We are not sure about the directory name. When ever any new directory is created, scrip should monitor for new directory and... (1 Reply)
Discussion started by: Dhivyaprabha
1 Replies
LEARN ABOUT CENTOS
fail2ban_selinux
fail2ban_selinux(8) SELinux Policy fail2ban fail2ban_selinux(8) NAME
fail2ban_selinux - Security Enhanced Linux Policy for the fail2ban processes DESCRIPTION
Security-Enhanced Linux secures the fail2ban processes via flexible mandatory access control. The fail2ban processes execute with the fail2ban_t SELinux type. You can check if you have these processes running by executing the ps com- mand with the -Z qualifier. For example: ps -eZ | grep fail2ban_t ENTRYPOINTS
The fail2ban_t SELinux type can be entered via the fail2ban_exec_t file type. The default entrypoint paths for the fail2ban_t domain are the following: /usr/bin/fail2ban, /usr/bin/fail2ban-server PROCESS TYPES
SELinux defines process types (domains) for each process running on the system You can see the context of a process using the -Z option to ps Policy governs the access confined processes have to files. SELinux fail2ban policy is very flexible allowing users to setup their fail2ban processes in as secure a method as possible. The following process types are defined for fail2ban: fail2ban_client_t, fail2ban_t Note: semanage permissive -a fail2ban_t can be used to make the process type fail2ban_t permissive. SELinux does not deny access to permis- sive process types, but the AVC (SELinux denials) messages are still generated. BOOLEANS
SELinux policy is customizable based on least access required. fail2ban policy is extremely flexible and has several booleans that allow you to manipulate the policy and run fail2ban with the tightest access possible. If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd server, you must turn on the authlo- gin_nsswitch_use_ldap boolean. Disabled by default. setsebool -P authlogin_nsswitch_use_ldap 1 If you want to allow all daemons to write corefiles to /, you must turn on the daemons_dump_core boolean. Disabled by default. setsebool -P daemons_dump_core 1 If you want to enable cluster mode for daemons, you must turn on the daemons_enable_cluster_mode boolean. Enabled by default. setsebool -P daemons_enable_cluster_mode 1 If you want to allow all daemons to use tcp wrappers, you must turn on the daemons_use_tcp_wrapper boolean. Disabled by default. setsebool -P daemons_use_tcp_wrapper 1 If you want to allow all daemons the ability to read/write terminals, you must turn on the daemons_use_tty boolean. Disabled by default. setsebool -P daemons_use_tty 1 If you want to deny any process from ptracing or debugging any other processes, you must turn on the deny_ptrace boolean. Enabled by default. setsebool -P deny_ptrace 1 If you want to allow all domains to use other domains file descriptors, you must turn on the domain_fd_use boolean. Enabled by default. setsebool -P domain_fd_use 1 If you want to allow all domains to have the kernel load modules, you must turn on the domain_kernel_load_modules boolean. Disabled by default. setsebool -P domain_kernel_load_modules 1 If you want to allow all domains to execute in fips_mode, you must turn on the fips_mode boolean. Enabled by default. setsebool -P fips_mode 1 If you want to enable reading of urandom for all domains, you must turn on the global_ssp boolean. Disabled by default. setsebool -P global_ssp 1 If you want to allow confined applications to run with kerberos, you must turn on the kerberos_enabled boolean. Enabled by default. setsebool -P kerberos_enabled 1 If you want to allow system to run with NIS, you must turn on the nis_enabled boolean. Disabled by default. setsebool -P nis_enabled 1 If you want to allow confined applications to use nscd shared memory, you must turn on the nscd_use_shm boolean. Disabled by default. setsebool -P nscd_use_shm 1 NSSWITCH DOMAIN
If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd server for the fail2ban_client_t, fail2ban_t, you must turn on the authlogin_nsswitch_use_ldap boolean. setsebool -P authlogin_nsswitch_use_ldap 1 If you want to allow confined applications to run with kerberos for the fail2ban_client_t, fail2ban_t, you must turn on the ker- beros_enabled boolean. setsebool -P kerberos_enabled 1 MANAGED FILES
The SELinux process type fail2ban_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions. cluster_conf_t /etc/cluster(/.*)? cluster_var_lib_t /var/lib/pcsd(/.*)? /var/lib/cluster(/.*)? /var/lib/openais(/.*)? /var/lib/pengine(/.*)? /var/lib/corosync(/.*)? /usr/lib/heartbeat(/.*)? /var/lib/heartbeat(/.*)? /var/lib/pacemaker(/.*)? cluster_var_run_t /var/run/crm(/.*)? /var/run/cman_.* /var/run/rsctmp(/.*)? /var/run/aisexec.* /var/run/heartbeat(/.*)? /var/run/cpglockd.pid /var/run/corosync.pid /var/run/rgmanager.pid /var/run/cluster/rgmanager.sk fail2ban_tmp_t fail2ban_var_lib_t /var/lib/fail2ban(/.*)? fail2ban_var_run_t /var/run/fail2ban.* net_conf_t /etc/hosts[^/]* /etc/yp.conf.* /etc/denyhosts.* /etc/hosts.deny.* /etc/resolv.conf.* /etc/sysconfig/networking(/.*)? /etc/sysconfig/network-scripts(/.*)? /etc/sysconfig/network-scripts/.*resolv.conf /etc/ethers /etc/ntp.conf root_t / /initrd FILE CONTEXTS
SELinux requires files to have an extended attribute to define the file type. You can see the context of a file using the -Z option to ls Policy governs the access confined processes have to these files. SELinux fail2ban policy is very flexible allowing users to setup their fail2ban processes in as secure a method as possible. STANDARD FILE CONTEXT SELinux defines the file context types for the fail2ban, if you wanted to store files with these types in a diffent paths, you need to exe- cute the semanage command to sepecify alternate labeling and then use restorecon to put the labels on disk. semanage fcontext -a -t fail2ban_client_exec_t '/srv/fail2ban/content(/.*)?' restorecon -R -v /srv/myfail2ban_content Note: SELinux often uses regular expressions to specify labels that match multiple files. The following file types are defined for fail2ban: fail2ban_client_exec_t - Set files with the fail2ban_client_exec_t type, if you want to transition an executable to the fail2ban_client_t domain. fail2ban_exec_t - Set files with the fail2ban_exec_t type, if you want to transition an executable to the fail2ban_t domain. Paths: /usr/bin/fail2ban, /usr/bin/fail2ban-server fail2ban_initrc_exec_t - Set files with the fail2ban_initrc_exec_t type, if you want to transition an executable to the fail2ban_initrc_t domain. fail2ban_log_t - Set files with the fail2ban_log_t type, if you want to treat the data as fail2ban log data, usually stored under the /var/log directory. fail2ban_tmp_t - Set files with the fail2ban_tmp_t type, if you want to store fail2ban temporary files in the /tmp directories. fail2ban_var_lib_t - Set files with the fail2ban_var_lib_t type, if you want to store the fail2ban files under the /var/lib directory. fail2ban_var_run_t - Set files with the fail2ban_var_run_t type, if you want to store the fail2ban files under the /run or /var/run directory. Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the semanage fcontext command. This will modify the SELinux labeling database. You will need to use restorecon to apply the labels. COMMANDS
semanage fcontext can also be used to manipulate default file context mappings. semanage permissive can also be used to manipulate whether or not a process type is permissive. semanage module can also be used to enable/disable/install/remove policy modules. semanage boolean can also be used to manipulate the booleans system-config-selinux is a GUI tool available to customize SELinux policy settings. AUTHOR
This manual page was auto-generated using sepolicy manpage . SEE ALSO
selinux(8), fail2ban(8), semanage(8), restorecon(8), chcon(1), sepolicy(8) , setsebool(8), fail2ban_client_selinux(8), fail2ban_client_selinux(8) fail2ban 14-06-10 fail2ban_selinux(8)