[CentOS] fail2ban attempt, anyone want to add anything?
Bob Hoffman
bob at bobhoffman.com
Fri Apr 20 06:36:40 UTC 2012
On 4/20/2012 2:24 AM, Bob Hoffman wrote:
> if I could add something, definitely put ports, if numbers, in
> quotes...without quotes I got some errors in the logs
> port=ftp, no quotes.....port="2222" quotes
>
> and I added one for vsftp, I use port 5000
>
> [vsftpd-iptables]
> enabled = true
> filter = vsftpd
> action = iptables[name=VSFTPD, port="5000", protocol=tcp]
> logpath = /var/log/vsftpd.log
> maxretry = 5
> bantime = 1800
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>
My final add on this tonight...
Due to the older versions of 'whatever' CentOS uses, there will be errors on startup of fail2ban regarding multiport jails.
To avoid these errors it was suggested to add a sleep mechanism to the start-up commands in the proper file:
/etc/fail2ban/action.d/iptables-multiport.conf
I added a sleep line, sleep `perl -e 'print rand(3);'`, at line 14 and dropped everything down one line to make room for it:
actionstart = sleep `perl -e 'print rand(3);'`
              iptables -N fail2ban-<name>
              iptables -A fail2ban-<name> -j RETURN
              iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
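The quoting point from the thread (numeric ports quoted, service names bare) can be checked before fail2ban is restarted. The following linter is an added example, not code from the thread or from fail2ban itself; the sample jail.local is constructed here to mirror the vsftpd jail above, and the parse of the action[...] spec is a simple split, not fail2ban's own parser.

```python
import configparser
import re
# Constructed sample jail.local modelled on the thread (not a file from the post).
SAMPLE_JAIL = """\
[vsftpd-iptables]
enabled = true
filter = vsftpd
action = iptables[name=VSFTPD, port="5000", protocol=tcp]
logpath = /var/log/vsftpd.log
maxretry = 5
bantime = 1800

[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=2222, protocol=tcp]
logpath = /var/log/secure

[proftpd-iptables]
enabled = false
action = iptables[name=ProFTPD, port=2121, protocol=tcp]
"""

ACTION_RE = re.compile(r"^(?P<name>[\w-]+)\[(?P<params>.*)\]$")

def parse_action(spec):
    """Split 'iptables[name=X, port="5000", protocol=tcp]' into (name, params); quotes are kept."""
    m = ACTION_RE.match(spec.strip())
    params = {}
    for item in (m.group("params").split(",") if m else []):
        if "=" in item:
            key, value = item.split("=", 1)
            params[key.strip()] = value.strip()
    return (m.group("name") if m else spec.strip()), params

def lint_jails(text):
    """Return (jail, message) findings for every enabled jail in the config text."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    for jail in cp.sections():
        if not cp.getboolean(jail, "enabled", fallback=False):
            continue  # a disabled jail is never loaded, so its action spec is not checked
        port = parse_action(cp.get(jail, "action", fallback=""))[1].get("port")
        if port is None:
            findings.append((jail, "action has no port parameter"))
        elif port.isdigit():  # bare number: the case the post reports as producing log errors
            findings.append((jail, f'numeric port {port} should be quoted: port="{port}"'))
    return findings
```

Running lint_jails over the sample flags only the enabled ssh-iptables jail, since the vsftpd port is already quoted and the proftpd jail is disabled.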