[CentOS] fail2ban attempt, anyone want to add anything?

Bob Hoffman bob at bobhoffman.com
Fri Apr 20 13:40:25 UTC 2012


On 4/20/2012 9:25 AM, Tilman Schmidt wrote:
> Am 20.04.2012 08:02, schrieb Bob Hoffman:
>> action   = iptables-multiport[name=ApacheAuth, port=80,443, protocol=tcp]
> I prefer action = iptables-allports on all of these, so that a
> source address attempting a bruteforce attack on one service is
> immediately banned from all services. I can't imagine a scenario
> where a machine that got blocked, for example, for attempting to
> bruteforce passwords via SMTP AUTH, should be allowed to try via
> FTP next. Even password attempts against ssh, which accepts only
> public key authentication on all my machines, trigger a block on
> all ports. So far I haven't had a single complaint about that.
>> service fail2ban start
>> chkconfig fail2ban on
>> service iptables restart (not sure if you have to or not with each
>> fail2ban restart)
>>
> I don't think you have to. I never do, and it works fine anyway.

I will try the 'all ports' option for sure; that was what I wanted.
Logwatch, as it comes with CentOS, does not have any scripts at all for
fail2ban; mine were pretty devoid of anything.
I added the 7.4 stuff and am playing with it now.
I have seen no logging yet of any attempts, nor do I know any way of
seeing if it works.
Will post the final solution if I ever see it working.
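
As an added example (not configuration from the thread, and not the fail2ban project's own jail.conf), here is a /etc/fail2ban/jail.local fragment in the fail2ban 0.8.x format shipped on CentOS at the time, showing the per-service iptables-multiport action quoted above next to the iptables-allports action recommended in the reply. The jail names, thresholds, ignoreip network and log paths are assumptions; adjust them to the local layout.

```ini
# Added example for the discussion above; not the thread's or fail2ban's own file.
# jail.local overrides jail.conf, so only the settings that differ need to be here.

[DEFAULT]
# Assumed values: ban for an hour after 5 failures inside 10 minutes.
bantime  = 3600
findtime = 600
maxretry = 5
# Assumed admin network; never ban localhost or your own management range.
ignoreip = 127.0.0.1 192.0.2.0/24

# Per-service ban, as in the quoted line: the offender is dropped on 80/443 only
# and may still hammer ssh, smtp or ftp. Kept disabled here for comparison.
# The port list is quoted the way jail.conf's own examples write it
# (port="http,https"); the action parameters are themselves comma-separated.
[apache-auth-multiport]
enabled  = false
filter   = apache-auth
action   = iptables-multiport[name=ApacheAuthMP, port="http,https", protocol=tcp]
logpath  = /var/log/httpd/error_log

# Machine-wide ban, as the reply suggests: the jail still watches only the
# Apache log, but a hit drops the source address on every TCP port
# (iptables-allports defaults to protocol=tcp).
[apache-auth]
enabled  = true
filter   = apache-auth
action   = iptables-allports[name=ApacheAuth]
logpath  = /var/log/httpd/error_log

# Same treatment for ssh: password guesses against a key-only sshd still
# earn an all-ports ban.
[ssh-iptables]
enabled  = true
filter   = sshd
action   = iptables-allports[name=SSH]
logpath  = /var/log/secure
```

To see whether it is working without waiting for a real attacker: `fail2ban-client status` lists the jails that actually started, `fail2ban-client status apache-auth` shows the failure and ban counters for one jail, and `iptables -L fail2ban-ApacheAuth -n` shows the chain the action created (one DROP line per banned address). Bans are also written to /var/log/fail2ban.log as lines of the form `fail2ban.actions: WARNING [apache-auth] Ban 203.0.113.5`, which is the file a Logwatch script would have to parse. `fail2ban-regex /var/log/httpd/error_log /etc/fail2ban/filter.d/apache-auth.conf` tests the filter against the existing log and reports how many lines matched, which is the quickest way to find out why nothing is being logged. One caveat on the restart question in the quoted text: `service iptables restart` reloads /etc/sysconfig/iptables and flushes the fail2ban-* chains fail2ban inserted at start, so if iptables does have to be restarted, restart fail2ban afterwards, not before.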