CSF + LFD work very well and are easily configured via their webmin module, would also highly reccomend it
| Linode Forum https://forum.linode.com/ |
|
| Is there an alternatives to fail2ban? https://forum.linode.com/viewtopic.php?f=19&t=7463 |
Page 1 of 2 |
| Author: | sblantipodi [ Mon Jul 25, 2011 12:01 pm ] |
| Post subject: | Is there an alternatives to fail2ban? |
As title, I always used fail2ban with my CentOS box but now with CentOS 6 I'm not able to get it to work again. Service starts without error, all is configured ok, no error on logs but fail2ban doesn't ban anyone on my box. Is there an alternative software to fail2ban with similar functionalities? I need to ban IP that fails auth on squirrelmail (I have installed squirrel_logger), on php, on apache and on phpmyadmin, ah and dovecot. |
|
| Author: | sblantipodi [ Mon Jul 25, 2011 4:26 pm ] |
| Post subject: | |
it seems that fail2ban doesn't work with python 2.6 except for ssh... its really sad to see a good software like this to fail in this way. Four years without any new features, three years without a decent fix to major problem, two years and no fix to phyton compatibility problems, board is full of spam without any moderation. Its a dead software but I don't see any alternatives. The only one could be denyhosts but it isn't an alternatives, at all, since it only protect the ssh port. |
|
| Author: | waldo [ Mon Jul 25, 2011 5:47 pm ] |
| Post subject: | |
Looks like Python 2.6 should work with the latest version of Fail2ban: http://www.fail2ban.org/wiki/index.php/ ... d_older.29 I know on Debian 6.0, fail2ban works just fine with python 2.6.6 |
|
| Author: | sblantipodi [ Mon Jul 25, 2011 5:49 pm ] |
| Post subject: | |
waldo wrote: Looks like Python 2.6 should work with the latest version of Fail2ban:
http://www.fail2ban.org/wiki/index.php/ ... d_older.29 I know on Debian 6.0, fail2ban works just fine with python 2.6.6 On the net I find only complaints about fail2ban and Python 2.6, the only regexpr that works ok is the one for SSH. Probably the debian you are talking about uses only ssh protection. |
|
| Author: | waldo [ Mon Jul 25, 2011 6:16 pm ] |
| Post subject: | |
That's primarily all I use it for, but as far as I can tell, the Debian guys have filters for apache, courier, exmin, gssftpd, lighttpd, pam, postfix, pure-ftpd, gmail, sasl, sieve, sshd-ddos, sshd, vsftpd, webmin-auth, wuftpd, xinetd and a few others. Seeing how fail2ban, python 2.6 and all just worked right out of the box for me on Debian, I'm assuming the others work just fine. |
|
| Author: | sblantipodi [ Tue Jul 26, 2011 6:59 am ] |
| Post subject: | |
waldo wrote: That's primarily all I use it for, but as far as I can tell, the Debian guys have filters for apache, courier, exmin, gssftpd, lighttpd, pam, postfix, pure-ftpd, gmail, sasl, sieve, sshd-ddos, sshd, vsftpd, webmin-auth, wuftpd, xinetd and a few others.
Seeing how fail2ban, python 2.6 and all just worked right out of the box for me on Debian, I'm assuming the others work just fine. can you give me some output of fail2ban-regexpr with some of your filter.d/files ? |
|
| Author: | waldo [ Tue Jul 26, 2011 8:54 am ] |
| Post subject: | |
Sure: If you download: http://ftp.de.debian.org/debian/pool/ma ... rig.tar.gz from: http://packages.debian.org/squeeze/fail2ban Then dig into config/filter.d those are the same files I'm using. From what I can tell, it appears the Debian maintainer has modified the following files in the package: action.d/iptables-multiport.conf action.d/iptables-new.conf action.d/mail-whois-lines.conf action.d/iptables-all-ports.conf jail.conf filter.d/apache-nohome.conf filter.d/named-refused.conf filter.d/apache-badbots.conf filter.d/proftpd.conf filter.d/pure-ftpd.conf filter.d/wuftpd.conf filter.d/common.conf filter.d/ssdh-ddos.conf filter.d/pam-generic.conf filter.d/sasl.conf |
|
| Author: | sblantipodi [ Tue Jul 26, 2011 9:15 am ] |
| Post subject: | |
in my case regexpr are correct (checked with regexpr calculator for python), fail2ban is well configured and it doesn't match anything. I have founded dozens of other users with my same problem on the net, it could be interesting to see how debian modified that files to make it work. in any case this is a dead software since many years, its best to find a new one but the problem is that I cannot find an alternatives. |
|
| Author: | waldo [ Tue Jul 26, 2011 9:38 am ] |
| Post subject: | |
Why do you say it's dead? Because it's not in constant development with regular releases? Sure the last release was 2 years ago: http://www.fail2ban.org/wiki/index.php/Main_Page Perhaps it's mature and because of it's very nature doesn't need to be constantly updated. It just reads log files and runs some external commands (usually to make changes to standard firewalls, like iptables). You do have a firewall installed, right? If you've installed fail2ban from the Centos repository and it's not working, sounds like they broke something, or the package maintainer never tested.... This is the only browsable repo I can find for Centos: http://pkgs.repoforge.org/fail2ban/ Looks like the newest version of fail2ban available from the Centos repos is quite old Though Fedora is current: http://download.fedora.redhat.com/pub/e ... l2ban.html I'd check to see what version of fail2ban got installed on your server. |
|
| Author: | sblantipodi [ Tue Jul 26, 2011 10:01 am ] |
| Post subject: | |
waldo wrote: Why do you say it's dead? Because it's not in constant development with regular releases?
Sure the last release was 2 years ago: http://www.fail2ban.org/wiki/index.php/Main_Page Perhaps it's mature and because of it's very nature doesn't need to be constantly updated. It just reads log files and runs some external commands (usually to make changes to standard firewalls, like iptables). You do have a firewall installed, right? If you've installed fail2ban from the Centos repository and it's not working, sounds like they broke something, or the package maintainer never tested.... This is the only browsable repo I can find for Centos: http://pkgs.repoforge.org/fail2ban/ Looks like the newest version of fail2ban available from the Centos repos is quite old Though Fedora is current: http://download.fedora.redhat.com/pub/e ... l2ban.html I'd check to see what version of fail2ban got installed on your server. I'm using the latest 0.8.4 from fedora epel |
|
| Author: | haus [ Tue Jul 26, 2011 10:11 am ] |
| Post subject: | |
There's always the LFD component of CSF: http://www.configserver.com/cp/csf.html My personal favorite. And yes, it can do squirrelmail as I wrote a rule for it some time ago. |
|
| Author: | sblantipodi [ Wed Jul 27, 2011 4:25 pm ] |
| Post subject: | |
I solved the problem with fail2ban, there was a date problem. I solved by editing: /etc/fail2ban/filter.d/common.conf and changing __prefix_line = \s*(?:\S+ )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s* with this: __prefix_line = .*? |
|
| Author: | GLaDOSDan [ Wed Jul 27, 2011 4:28 pm ] |
| Post subject: | |
haus wrote: There's always the LFD component of CSF:
http://www.configserver.com/cp/csf.html My personal favorite. And yes, it can do squirrelmail as I wrote a rule for it some time ago. Agreed, I love CSF/LFD. |
|
| Author: | captainkrtek [ Wed Aug 03, 2011 11:16 pm ] |
| Post subject: | |
CSF + LFD work very well and are easily configured via their webmin module, would also highly reccomend it
|
|
| Author: | node_tux [ Fri Aug 12, 2011 2:30 pm ] |
| Post subject: | |
fail2ban-regex is a command line utility to test your filters against a log file. man fail2ban-regex for usage. |
|
| Page 1 of 2 | All times are UTC-04:00 |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|