[CentOS] Fail2Ban
John Hinton
webmaster at ew3d.com
Sun Mar 1 22:50:01 UTC 2009
Agile Aspect wrote:
> Devraj Mukherjee wrote:
>
>> Hi all,
>>
>> I am trying to get fail2ban going on my server and its log message
>> reports the following error
>>
>> 2009-02-16 17:42:05,339 ERROR: 'iptables -L INPUT | grep -q
>> fail2ban-SSH' returned 256
>> 2009-02-16 17:42:05,354 ERROR: 'iptables -D INPUT -p tcp --dport ssh
>> -j fail2ban-SSH
>>
>> Is this because of the way the RedHat tool sets up the firewall?
>>
>> Thanks for any responses.
>>
>>
>>
> First, have you installed iptables, shorewall, and tcp-wrappers
> installed?
>
> Second, have you tried the failed grep expression, i.e., have
> you tried
>
> iptables -L INPUT | grep -q fail2ban-SSH
>
> As to why this would fail, you need to ask on the fail2ban
> mailing list since evidently this appears to be part of the
> installation.
>
> The iptables can be setup by anyone - RedHat simply provides
> a default set of rules.
>
>
Actually, it is a rather OS dependent package and the rules for CentOS
are difficult to write. That really doesn't belong on the fail2ban list
either.
You don't need shorewall, just the standard CentOS firewall works fine.
Just be sure to only enable iptables rules. I have rules working for
several things. SSH attempts, Dovecot attempts and a rule to block based
on my Spamhaus setup so that the same spammer doesn't keep loading up
sendmail with DNS queries. Now to try to figure out a rule for email
dictionary attacks. Unfortunately the logs don't provide a good method
of tying the reject to an IP address. RegEx... I'm very weak at RegEx.
John Hinton
More information about the CentOS
mailing list