Difference between revisions of "Fail2ban:Community Portal"
Lostcontrol (talk | contribs) |
Line 47: | Line 47: | ||
Thank you for the suggestion. I will adapt the documentation. --[[User:Lostcontrol|Lostcontrol]] 23:12, 18 April 2007 (CEST) | Thank you for the suggestion. I will adapt the documentation. --[[User:Lostcontrol|Lostcontrol]] 23:12, 18 April 2007 (CEST) | ||
+ | |||
+ | I installed the .80 branch on my fedora clarkconnect box. Unfortunatley clark uses python 2.3, so I had to rpm it to 2.4 I had two python libraries so once i downloaded and untarred the fail2ban source I ran "/usr/bin/python2.4 setup.py install" and everything ran fine, no complaints about @staticmod. | ||
+ | I also note my main problem is errors in my proftpd as I'm being hacked by user "administrator" unknown. proftpd logs to /var/log/secure not /var/log/ftp/proftpd as set in the default configs. | ||
+ | Once I set my email I allready nabbed a china hacker and got an email. | ||
+ | Thanks, I run snort,snortsam, and fail2ban and feel pretty secure. |
Revision as of 01:04, 29 June 2007
User Suggestions
I also love Fail2ban (great work guys), maybe I'm missing something but is there a way to unban an IP using fail2ban-client? If not could you add this feature?
Thank you :) You're right :/ You can't unban an IP address using fail2ban-client. This will be added in the next development branch (0.9). Be patient ;) --Lostcontrol 23:23, 21 March 2007 (CET)
Fail2ban is one of the best projects I've encountered - I love it! One suggestion: in 0.7, the iptables.conf action uses pre-ban command:
iptables -L....
Is there a reason for this? Maybe ip spoofing? At any rate, this can cause fail2ban to take forever in implementing its actions if the iptables chains are big, because it causes DNS lookups for each entry. I suggest adding the "n" flag to the command, to speed things up, like this:
iptables -nL....
See:
netfilter FAQ: iptables -L takes a very long time to display the rules
and
Docunext: fail2ban iptable.conf action
Thank you. Added in the repository. --Lostcontrol 13:21, 14 December 2006 (PST)
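An added example, not code from Fail2ban or from the posters above: a small Python check that flags `iptables` rule listings lacking `-n` in an action file, since each such listing can trigger the per-entry DNS lookups described in this thread and delay a ban. The sample file content is constructed for illustration, and the function names are this example's own.

```python
import os
import re

def lists_without_numeric(command):
    """True if an iptables call in this shell line uses -L/--list without -n/--numeric."""
    for segment in re.split(r"[|;&]+", command):      # one command per pipeline stage
        words = segment.split()
        if not words or os.path.basename(words[0]) != "iptables":
            continue
        lists = numeric = False
        for word in words[1:]:
            if word.startswith("--"):
                lists |= word == "--list"
                numeric |= word == "--numeric"
            elif word.startswith("-"):                # bundled short flags, e.g. -nL
                lists |= "L" in word
                numeric |= "n" in word
        if lists and not numeric:
            return True
    return False

def audit_action_file(text):
    """Return (line number, option name, command) for each slow listing found."""
    findings, key = [], None
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith(("#", ";", "[")):
            continue
        match = re.match(r"([A-Za-z_]\w*)\s*=\s*(.*)", line)
        if match:                                     # "name = command"
            key, command = match.group(1), match.group(2)
        else:                                         # indented continuation line
            command = line.strip()
        if lists_without_numeric(command):
            findings.append((number, key, command))
    return findings

# Constructed sample, not a file shipped by the project.
SAMPLE = """\
[Definition]
actionstart = iptables -N fail2ban-<name>
              iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
actioncheck = /sbin/iptables -L INPUT | grep -q fail2ban-<name>
actionban = iptables -nL fail2ban-<name> >/dev/null && iptables -I fail2ban-<name> 1 -s <ip> -j DROP
"""

if __name__ == "__main__":
    for number, key, command in audit_action_file(SAMPLE):
        print(f"line {number} ({key}): add -n to: {command}")
```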
Regexp for vsftp
IP Addresses in Documentation
Hello, reading thru the docs and I just noticed that there are places where one should use 123.123.123.123 as an IP Address for documentation.
Referring to http://tools.ietf.org/html/rfc3330 Section 2, Paragraph 12 please do use the TEST-NET assigned numbers. I think it would save quite a few users from misconfiguring their stuff (Just search for "TEST-NET" on the page and you'll be taken directly to the corresponding paragraph).
In short RFC3330 Special-Use IPv4 Addresses:
192.0.2.0/24 - This block is assigned as "TEST-NET" for use in documentation and example code. It is often used in conjunction with domain names example.com or example.net in vendor and protocol documentation. Addresses within this block should not appear on the public Internet.
I know this is a bit picky but personally I found that it eases use of documentation (also if you use example.com and example.net domains in documentation rather than some probably not so bogus hostname)
Thank you for the suggestion. I will adapt the documentation. --Lostcontrol 23:12, 18 April 2007 (CEST)
I installed the .80 branch on my fedora clarkconnect box. Unfortunately clark uses python 2.3, so I had to rpm it to 2.4. I had two python libraries, so once I downloaded and untarred the fail2ban source I ran "/usr/bin/python2.4 setup.py install" and everything ran fine, no complaints about @staticmod. I also note my main problem is errors in my proftpd as I'm being hacked by user "administrator" unknown. proftpd logs to /var/log/secure not /var/log/ftp/proftpd as set in the default configs. Once I set my email I already nabbed a china hacker and got an email. Thanks, I run snort, snortsam, and fail2ban and feel pretty secure.