Nie jesteś zalogowany.
Jeśli nie posiadasz konta, zarejestruj je już teraz! Pozwoli Ci ono w pełni korzystać z naszego serwisu. Spamerom dziękujemy!

Ogłoszenie

Prosimy o pomoc dla małej Julki — przekaż 1% podatku na Fundacji Dzieciom zdazyć z Pomocą.
Więcej informacji na dug.net.pl/pomagamy/.

#1  2009-03-02 22:07:49

  az - debianlover

az
debianlover
Zarejestrowany: 2009-01-23

fail2ban

Kod:

2009-03-02 02:14:40,957 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.3
2009-03-02 02:14:40,959 fail2ban.jail   : INFO   Creating new jail 'ssh'
2009-03-02 02:14:40,959 fail2ban.jail   : INFO   Jail 'ssh' uses poller
2009-03-02 02:14:40,997 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
2009-03-02 02:14:40,999 fail2ban.filter : INFO   Set maxRetry = 6
2009-03-02 02:14:41,002 fail2ban.filter : INFO   Set findtime = 600
2009-03-02 02:14:41,004 fail2ban.actions: INFO   Set banTime = 600
2009-03-02 02:14:41,160 fail2ban.jail   : INFO   Jail 'ssh' started
2009-03-02 02:19:12,609 fail2ban.jail   : INFO   Jail 'ssh' stopped
2009-03-02 02:19:13,137 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.3
2009-03-02 02:19:13,139 fail2ban.jail   : INFO   Creating new jail 'apache-noscript'
2009-03-02 02:19:13,139 fail2ban.jail   : INFO   Jail 'apache-noscript' uses poller
2009-03-02 02:19:13,166 fail2ban.filter : INFO   Added logfile = /var/log/apache2/error.log
2009-03-02 02:19:13,168 fail2ban.filter : INFO   Set maxRetry = 6
2009-03-02 02:19:13,171 fail2ban.filter : INFO   Set findtime = 600
2009-03-02 02:19:13,172 fail2ban.actions: INFO   Set banTime = 600
2009-03-02 02:19:13,192 fail2ban.jail   : INFO   Creating new jail 'named-refused-udp'
2009-03-02 02:19:13,193 fail2ban.jail   : INFO   Jail 'named-refused-udp' uses poller
2009-03-02 02:19:13,195 fail2ban.filter : INFO   Added logfile = /var/log/named/security.log
2009-03-02 02:19:13,197 fail2ban.filter : INFO   Set maxRetry = 3
2009-03-02 02:19:13,200 fail2ban.filter : INFO   Set findtime = 600
2009-03-02 02:19:13,201 fail2ban.actions: INFO   Set banTime = 600
2009-03-02 02:19:13,220 fail2ban.jail   : INFO   Creating new jail 'ssh-ddos'
2009-03-02 02:19:13,220 fail2ban.jail   : INFO   Jail 'ssh-ddos' uses poller
2009-03-02 02:19:13,222 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
2009-03-02 02:19:13,224 fail2ban.filter : INFO   Set maxRetry = 6
2009-03-02 02:19:13,227 fail2ban.filter : INFO   Set findtime = 600
2009-03-02 02:19:13,229 fail2ban.actions: INFO   Set banTime = 600
2009-03-02 02:19:13,244 fail2ban.jail   : INFO   Creating new jail 'apache-overflows'
2009-03-02 02:19:13,245 fail2ban.jail   : INFO   Jail 'apache-overflows' uses poller
2009-03-02 02:19:13,247 fail2ban.filter : INFO   Added logfile = /var/log/apache2/error.log
2009-03-02 02:19:13,249 fail2ban.filter : INFO   Set maxRetry = 2
2009-03-02 02:19:13,252 fail2ban.filter : INFO   Set findtime = 600
2009-03-02 02:19:13,253 fail2ban.actions: INFO   Set banTime = 600
2009-03-02 02:19:13,275 fail2ban.jail   : INFO   Creating new jail 'ssh'
2009-03-02 02:19:13,276 fail2ban.jail   : INFO   Jail 'ssh' uses poller
2009-03-02 02:19:13,278 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
2009-03-02 02:19:13,280 fail2ban.filter : INFO   Set maxRetry = 6
2009-03-02 02:19:13,282 fail2ban.filter : INFO   Set findtime = 600
2009-03-02 02:19:13,284 fail2ban.actions: INFO   Set banTime = 600
2009-03-02 02:19:13,406 fail2ban.jail   : INFO   Creating new jail 'apache'
2009-03-02 02:19:13,406 fail2ban.jail   : INFO   Jail 'apache' uses poller
2009-03-02 02:19:13,409 fail2ban.filter : INFO   Added logfile = /var/log/apache2/error.log
2009-03-02 02:19:13,410 fail2ban.filter : INFO   Set maxRetry = 6
2009-03-02 02:19:13,413 fail2ban.filter : INFO   Set findtime = 600
2009-03-02 02:19:13,415 fail2ban.actions: INFO   Set banTime = 600
2009-03-02 02:19:13,435 fail2ban.jail   : INFO   Creating new jail 'named-refused-tcp'
2009-03-02 02:19:13,436 fail2ban.jail   : INFO   Jail 'named-refused-tcp' uses poller
2009-03-02 02:19:13,438 fail2ban.filter : INFO   Added logfile = /var/log/named/security.log
2009-03-02 02:19:13,440 fail2ban.filter : INFO   Set maxRetry = 3
2009-03-02 02:19:13,443 fail2ban.filter : INFO   Set findtime = 600
2009-03-02 02:19:13,444 fail2ban.actions: INFO   Set banTime = 600
2009-03-02 02:19:13,478 fail2ban.jail   : INFO   Jail 'apache-noscript' started
2009-03-02 02:19:13,504 fail2ban.jail   : INFO   Jail 'named-refused-udp' started
2009-03-02 02:19:13,574 fail2ban.jail   : INFO   Jail 'ssh-ddos' started
2009-03-02 02:19:13,616 fail2ban.jail   : INFO   Jail 'apache-overflows' started
2009-03-02 02:19:13,655 fail2ban.jail   : INFO   Jail 'ssh' started
2009-03-02 02:19:13,666 fail2ban.jail   : INFO   Jail 'apache' started
2009-03-02 02:19:13,731 fail2ban.jail   : INFO   Jail 'named-refused-tcp' started
2009-03-02 02:34:39,763 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache-overflows
iptables -F fail2ban-apache-overflows
iptables -X fail2ban-apache-overflows returned 100
2009-03-02 02:34:39,764 fail2ban.jail   : INFO   Jail 'apache-overflows' stopped
2009-03-02 02:34:40,578 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache-noscript
iptables -F fail2ban-apache-noscript
iptables -X fail2ban-apache-noscript returned 100
2009-03-02 02:34:40,578 fail2ban.jail   : INFO   Jail 'apache-noscript' stopped
2009-03-02 02:34:40,781 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh
iptables -F fail2ban-ssh
iptables -X fail2ban-ssh returned 100
2009-03-02 02:34:41,173 fail2ban.jail   : INFO   Jail 'ssh' stopped
2009-03-02 02:34:41,604 fail2ban.actions.action: ERROR  iptables -D INPUT -p udp -m multiport --dports domain,53 -j fail2ban-named-refused-udp
iptables -F fail2ban-named-refused-udp
iptables -X fail2ban-named-refused-udp returned 100
2009-03-02 02:34:41,605 fail2ban.jail   : INFO   Jail 'named-refused-udp' stopped
2009-03-02 02:34:41,904 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache
iptables -F fail2ban-apache
iptables -X fail2ban-apache returned 100
2009-03-02 02:34:41,905 fail2ban.jail   : INFO   Jail 'apache' stopped
2009-03-02 02:34:42,640 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh-ddos
iptables -F fail2ban-ssh-ddos
iptables -X fail2ban-ssh-ddos returned 100
2009-03-02 02:34:42,641 fail2ban.jail   : INFO   Jail 'ssh-ddos' stopped
2009-03-02 02:34:42,912 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports domain,53 -j fail2ban-named-refused-tcp
iptables -F fail2ban-named-refused-tcp
iptables -X fail2ban-named-refused-tcp returned 100
2009-03-02 02:34:42,912 fail2ban.jail   : INFO   Jail 'named-refused-tcp' stopped
2009-03-02 02:34:43,441 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.3
2009-03-02 02:34:43,443 fail2ban.jail   : INFO   Creating new jail 'apache-noscript'
2009-03-02 02:34:43,443 fail2ban.jail   : INFO   Jail 'apache-noscript' uses poller
2009-03-02 02:34:43,469 fail2ban.filter : INFO   Added logfile = /var/log/apache2/error.log
2009-03-02 02:34:43,471 fail2ban.filter : INFO   Set maxRetry = 6
2009-03-02 02:34:43,474 fail2ban.filter : INFO   Set findtime = 600
2009-03-02 02:34:43,476 fail2ban.actions: INFO   Set banTime = 600
2009-03-02 02:34:43,496 fail2ban.jail   : INFO   Creating new jail 'named-refused-udp'
2009-03-02 02:34:43,497 fail2ban.jail   : INFO   Jail 'named-refused-udp' uses poller
2009-03-02 02:34:43,499 fail2ban.filter : INFO   Added logfile = /var/log/named/security.log
2009-03-02 02:34:43,501 fail2ban.filter : INFO   Set maxRetry = 3
2009-03-02 02:34:43,504 fail2ban.filter : INFO   Set findtime = 600
2009-03-02 02:34:43,505 fail2ban.actions: INFO   Set banTime = 600
2009-03-02 02:34:43,523 fail2ban.jail   : INFO   Creating new jail 'ssh-ddos'
2009-03-02 02:34:43,524 fail2ban.jail   : INFO   Jail 'ssh-ddos' uses poller
2009-03-02 02:34:43,527 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
2009-03-02 02:34:43,528 fail2ban.filter : INFO   Set maxRetry = 6
2009-03-02 02:34:43,531 fail2ban.filter : INFO   Set findtime = 600
2009-03-02 02:34:43,533 fail2ban.actions: INFO   Set banTime = 600
2009-03-02 02:34:43,549 fail2ban.jail   : INFO   Creating new jail 'apache-overflows'
2009-03-02 02:34:43,550 fail2ban.jail   : INFO   Jail 'apache-overflows' uses poller
2009-03-02 02:34:43,552 fail2ban.filter : INFO   Added logfile = /var/log/apache2/error.log
2009-03-02 02:34:43,554 fail2ban.filter : INFO   Set maxRetry = 2
2009-03-02 02:34:43,557 fail2ban.filter : INFO   Set findtime = 600
2009-03-02 02:34:43,559 fail2ban.actions: INFO   Set banTime = 600
2009-03-02 02:34:43,581 fail2ban.jail   : INFO   Creating new jail 'ssh'
2009-03-02 02:34:43,581 fail2ban.jail   : INFO   Jail 'ssh' uses poller
2009-03-02 02:34:43,584 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
2009-03-02 02:34:43,586 fail2ban.filter : INFO   Set maxRetry = 6
2009-03-02 02:34:43,588 fail2ban.filter : INFO   Set findtime = 600
2009-03-02 02:34:43,590 fail2ban.actions: INFO   Set banTime = 600
2009-03-02 02:34:43,714 fail2ban.jail   : INFO   Creating new jail 'apache'
2009-03-02 02:34:43,715 fail2ban.jail   : INFO   Jail 'apache' uses poller
2009-03-02 02:34:43,717 fail2ban.filter : INFO   Added logfile = /var/log/apache2/error.log
2009-03-02 02:34:43,719 fail2ban.filter : INFO   Set maxRetry = 6
2009-03-02 02:34:43,722 fail2ban.filter : INFO   Set findtime = 600
2009-03-02 02:34:43,723 fail2ban.actions: INFO   Set banTime = 600
2009-03-02 02:34:43,744 fail2ban.jail   : INFO   Creating new jail 'named-refused-tcp'
2009-03-02 02:34:43,745 fail2ban.jail   : INFO   Jail 'named-refused-tcp' uses poller
2009-03-02 02:34:43,747 fail2ban.filter : INFO   Added logfile = /var/log/named/security.log
2009-03-02 02:34:43,749 fail2ban.filter : INFO   Set maxRetry = 3
2009-03-02 02:34:43,752 fail2ban.filter : INFO   Set findtime = 600
2009-03-02 02:34:43,753 fail2ban.actions: INFO   Set banTime = 600
2009-03-02 02:34:43,788 fail2ban.jail   : INFO   Jail 'apache-noscript' started
2009-03-02 02:34:43,811 fail2ban.jail   : INFO   Jail 'named-refused-udp' started
2009-03-02 02:34:43,882 fail2ban.jail   : INFO   Jail 'ssh-ddos' started
2009-03-02 02:34:43,922 fail2ban.jail   : INFO   Jail 'apache-overflows' started
2009-03-02 02:34:43,973 fail2ban.jail   : INFO   Jail 'ssh' started
2009-03-02 02:34:44,049 fail2ban.jail   : INFO   Jail 'apache' started
2009-03-02 02:34:44,076 fail2ban.jail   : INFO   Jail 'named-refused-tcp' started
2009-03-02 14:28:58,869 fail2ban.actions: WARNING [apache-noscript] Ban 77.253.0.150
2009-03-02 14:38:59,141 fail2ban.actions: WARNING [apache-noscript] Unban 77.253.0.150
2009-03-02 14:49:32,181 fail2ban.actions: WARNING [apache-noscript] Ban 77.253.0.150
2009-03-02 14:59:32,229 fail2ban.actions: WARNING [apache-noscript] Unban 77.253.0.150
2009-03-02 15:00:16,381 fail2ban.actions: WARNING [apache-noscript] Ban 77.253.0.150
2009-03-02 15:10:16,425 fail2ban.actions: WARNING [apache-noscript] Unban 77.253.0.150
2009-03-02 15:11:45,465 fail2ban.actions: WARNING [apache-noscript] Ban 77.253.0.150
2009-03-02 15:21:45,501 fail2ban.actions: WARNING [apache-noscript] Unban 77.253.0.150
2009-03-02 15:26:03,541 fail2ban.actions: WARNING [apache-noscript] Ban 77.253.0.150
2009-03-02 15:36:03,581 fail2ban.actions: WARNING [apache-noscript] Unban 77.253.0.150
2009-03-02 15:36:03,595 fail2ban.actions.action: ERROR  iptables -n -L INPUT | grep -q fail2ban-apache-noscript returned 100
2009-03-02 15:36:03,595 fail2ban.actions.action: ERROR  Invariant check failed. Trying to restore a sane environment
2009-03-02 15:36:03,646 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache-noscript
iptables -F fail2ban-apache-noscript
iptables -X fail2ban-apache-noscript returned 100
2009-03-02 15:36:03,714 fail2ban.actions.action: ERROR  iptables -D fail2ban-apache-noscript -s 77.253.0.150 -j DROP returned 100
2009-03-02 15:37:07,713 fail2ban.actions: WARNING [apache-noscript] Ban 77.253.0.150
2009-03-02 15:47:07,749 fail2ban.actions: WARNING [apache-noscript] Unban 77.253.0.150
2009-03-02 19:38:22,256 fail2ban.actions: WARNING [apache-noscript] Ban 83.238.148.13
2009-03-02 19:48:22,589 fail2ban.actions: WARNING [apache-noscript] Unban 83.238.148.13
2009-03-02 22:04:25,577 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache-overflows
iptables -F fail2ban-apache-overflows
iptables -X fail2ban-apache-overflows returned 100
2009-03-02 22:04:25,578 fail2ban.jail   : INFO   Jail 'apache-overflows' stopped
2009-03-02 22:04:26,121 fail2ban.jail   : INFO   Jail 'apache-noscript' stopped
2009-03-02 22:04:26,163 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh
iptables -F fail2ban-ssh
iptables -X fail2ban-ssh returned 100
2009-03-02 22:04:26,785 fail2ban.jail   : INFO   Jail 'ssh' stopped
2009-03-02 22:04:27,259 fail2ban.actions.action: ERROR  iptables -D INPUT -p udp -m multiport --dports domain,53 -j fail2ban-named-refused-udp
iptables -F fail2ban-named-refused-udp
iptables -X fail2ban-named-refused-udp returned 100
2009-03-02 22:04:27,259 fail2ban.jail   : INFO   Jail 'named-refused-udp' stopped
2009-03-02 22:04:27,324 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache
iptables -F fail2ban-apache
iptables -X fail2ban-apache returned 100
2009-03-02 22:04:28,217 fail2ban.jail   : INFO   Jail 'apache' stopped
2009-03-02 22:04:29,176 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh-ddos
iptables -F fail2ban-ssh-ddos
iptables -X fail2ban-ssh-ddos returned 100
2009-03-02 22:04:29,176 fail2ban.jail   : INFO   Jail 'ssh-ddos' stopped
2009-03-02 22:04:29,295 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports domain,53 -j fail2ban-named-refused-tcp
iptables -F fail2ban-named-refused-tcp
iptables -X fail2ban-named-refused-tcp returned 100
2009-03-02 22:04:29,295 fail2ban.jail   : INFO   Jail 'named-refused-tcp' stopped
2009-03-02 22:04:29,993 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.3
2009-03-02 22:04:29,995 fail2ban.jail   : INFO   Creating new jail 'apache-noscript'
2009-03-02 22:04:29,995 fail2ban.jail   : INFO   Jail 'apache-noscript' uses poller
2009-03-02 22:04:30,040 fail2ban.filter : INFO   Added logfile = /var/log/apache2/error.log
2009-03-02 22:04:30,042 fail2ban.filter : INFO   Set maxRetry = 6
2009-03-02 22:04:30,045 fail2ban.filter : INFO   Set findtime = 600
2009-03-02 22:04:30,047 fail2ban.actions: INFO   Set banTime = 3600
2009-03-02 22:04:30,067 fail2ban.jail   : INFO   Creating new jail 'named-refused-udp'
2009-03-02 22:04:30,068 fail2ban.jail   : INFO   Jail 'named-refused-udp' uses poller
2009-03-02 22:04:30,078 fail2ban.filter : INFO   Added logfile = /var/log/named/security.log
2009-03-02 22:04:30,080 fail2ban.filter : INFO   Set maxRetry = 3
2009-03-02 22:04:30,083 fail2ban.filter : INFO   Set findtime = 600
2009-03-02 22:04:30,085 fail2ban.actions: INFO   Set banTime = 3600
2009-03-02 22:04:30,103 fail2ban.jail   : INFO   Creating new jail 'ssh-ddos'
2009-03-02 22:04:30,103 fail2ban.jail   : INFO   Jail 'ssh-ddos' uses poller
2009-03-02 22:04:30,106 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
2009-03-02 22:04:30,108 fail2ban.filter : INFO   Set maxRetry = 6
2009-03-02 22:04:30,111 fail2ban.filter : INFO   Set findtime = 600
2009-03-02 22:04:30,112 fail2ban.actions: INFO   Set banTime = 3600
2009-03-02 22:04:30,129 fail2ban.jail   : INFO   Creating new jail 'apache-overflows'
2009-03-02 22:04:30,129 fail2ban.jail   : INFO   Jail 'apache-overflows' uses poller
2009-03-02 22:04:30,131 fail2ban.filter : INFO   Added logfile = /var/log/apache2/error.log
2009-03-02 22:04:30,133 fail2ban.filter : INFO   Set maxRetry = 2
2009-03-02 22:04:30,136 fail2ban.filter : INFO   Set findtime = 600
2009-03-02 22:04:30,138 fail2ban.actions: INFO   Set banTime = 3600
2009-03-02 22:04:30,161 fail2ban.jail   : INFO   Creating new jail 'ssh'
2009-03-02 22:04:30,161 fail2ban.jail   : INFO   Jail 'ssh' uses poller
2009-03-02 22:04:30,164 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
2009-03-02 22:04:30,165 fail2ban.filter : INFO   Set maxRetry = 6
2009-03-02 22:04:30,168 fail2ban.filter : INFO   Set findtime = 600
2009-03-02 22:04:30,170 fail2ban.actions: INFO   Set banTime = 3600
2009-03-02 22:04:30,292 fail2ban.jail   : INFO   Creating new jail 'apache'
2009-03-02 22:04:30,292 fail2ban.jail   : INFO   Jail 'apache' uses poller
2009-03-02 22:04:30,295 fail2ban.filter : INFO   Added logfile = /var/log/apache2/error.log
2009-03-02 22:04:30,296 fail2ban.filter : INFO   Set maxRetry = 6
2009-03-02 22:04:30,299 fail2ban.filter : INFO   Set findtime = 600
2009-03-02 22:04:30,301 fail2ban.actions: INFO   Set banTime = 3600
2009-03-02 22:04:30,322 fail2ban.jail   : INFO   Creating new jail 'named-refused-tcp'
2009-03-02 22:04:30,322 fail2ban.jail   : INFO   Jail 'named-refused-tcp' uses poller
2009-03-02 22:04:30,325 fail2ban.filter : INFO   Added logfile = /var/log/named/security.log
2009-03-02 22:04:30,327 fail2ban.filter : INFO   Set maxRetry = 3
2009-03-02 22:04:30,330 fail2ban.filter : INFO   Set findtime = 600
2009-03-02 22:04:30,331 fail2ban.actions: INFO   Set banTime = 3600
2009-03-02 22:04:30,425 fail2ban.jail   : INFO   Jail 'apache-noscript' started
2009-03-02 22:04:30,463 fail2ban.jail   : INFO   Jail 'named-refused-udp' started
2009-03-02 22:04:30,497 fail2ban.jail   : INFO   Jail 'ssh-ddos' started
2009-03-02 22:04:30,627 fail2ban.jail   : INFO   Jail 'apache-overflows' started
2009-03-02 22:04:30,674 fail2ban.jail   : INFO   Jail 'ssh' started
2009-03-02 22:04:30,722 fail2ban.jail   : INFO   Jail 'apache' started
2009-03-02 22:04:30,795 fail2ban.jail   : INFO   Jail 'named-refused-tcp' started

czemu mam te bledy?

Kod:

2009-03-02 02:34:39,763 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache-overflows
2009-03-02 02:34:40,578 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache-noscript
2009-03-02 02:34:40,781 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh
2009-03-02 02:34:41,604 fail2ban.actions.action: ERROR  iptables -D INPUT -p udp -m multiport --dports domain,53 -j fail2ban-named-refused-udp
2009-03-02 02:34:41,904 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache
2009-03-02 02:34:42,640 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh-ddos
2009-03-02 02:34:42,912 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports domain,53 -j fail2ban-named-refused-tcp
2009-03-02 15:36:03,595 fail2ban.actions.action: ERROR  iptables -n -L INPUT | grep -q fail2ban-apache-noscript returned 100
2009-03-02 15:36:03,595 fail2ban.actions.action: ERROR  Invariant check failed. Trying to restore a sane environment
2009-03-02 15:36:03,646 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache-noscript
2009-03-02 15:36:03,714 fail2ban.actions.action: ERROR  iptables -D fail2ban-apache-noscript -s 77.253.0.150 -j DROP returned 100
2009-03-02 22:04:25,577 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache-overflows
2009-03-02 22:04:26,163 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh
2009-03-02 22:04:27,259 fail2ban.actions.action: ERROR  iptables -D INPUT -p udp -m multiport --dports domain,53 -j fail2ban-named-refused-udp
2009-03-02 22:04:27,324 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache
2009-03-02 22:04:29,176 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh-ddos
2009-03-02 22:04:29,295 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp -m multiport --dports domain,53 -j fail2ban-named-refused-tcp

Debian everywhere

Offline

 

#2  2009-03-02 22:23:42

  urug - Członek DUG

urug
Członek DUG
Skąd: Częstochowa
Zarejestrowany: 2008-04-22
Serwis

Re: fail2ban

Czyściłeś w tym czasie łańcuch INPUT iptables?


Pozdrawiam, Tomek

Offline

 

#3  2009-03-03 00:01:38

  az - debianlover

az
debianlover
Zarejestrowany: 2009-01-23

Re: fail2ban

nie, ciagle mam ten sam

Kod:

#!/bin/sh
IPTABLES=/sbin/iptables

$IPTABLES -F
$IPTABLES -X
$IPTABLES -t nat -F
$IPTABLES -t nat -X
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A FORWARD -o lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
$IPTABLES -A FORWARD -j ACCEPT -m state --state ESTABLISHED,RELATED
$IPTABLES -A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED

$IPTABLES -A INPUT -p icmp -j ACCEPT                                                    # ping

$IPTABLES -I INPUT -i wlan0 -s 10.0.0.0/8 -j DROP                                       # zabezpieczenie przeciw atakowi typu spoofing
$IPTABLES -I INPUT -i wlan0 -s 172.16.0.0/12 -j DROP                                    # zabezpieczenie przeciw atakowi typu spoofing
$IPTABLES -I INPUT -i wlan0 -s 192.168.0.0/16 -j DROP                                   # zabezpieczenie przeciw atakowi typu spoofing
$IPTABLES -I INPUT -i wlan0 -s 192.168.13.37 -j ACCEPT                                  # dopuszczenie ruchu z routera
$IPTABLES -I INPUT -i wlan0 -s 127.0.0.0/8 -j DROP                                      # zabezpieczenie przeciw atakowi typu spoofing

$IPTABLES -A INPUT -p tcp -s 192.168.13.37 --dport 22 -j ACCEPT                         # ssh router (port 22)
$IPTABLES -A INPUT -p tcp -s 192.168.13.37 --dport 443 -j ACCEPT                        # ssh router (port 443)

$IPTABLES -A INPUT -p tcp --dport 53 -j ACCEPT                                          # dns (bind)
$IPTABLES -A INPUT -p udp --dport 53 -j ACCEPT                                          # dns (bind)
$IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT                                          # http (apache)
$IPTABLES -A INPUT -p tcp --dport 113 -j ACCEPT                                         # auth (oidentd)

$IPTABLES -A INPUT -p tcp ! --syn -m state --state NEW -j DROP                          # zabezpieczenie
$IPTABLES -A INPUT -f -j DROP                                                           # zabezpieczenie
$IPTABLES -A INPUT -p tcp --tcp-flags ALL ALL -j DROP                                   # zabezpieczenie
$IPTABLES -A INPUT -p tcp --tcp-flags ALL NONE -j DROP                                  # zabezpieczenie

$IPTABLES -I INPUT -p icmp --icmp-type redirect -j DROP                                 # zabezpieczenie
$IPTABLES -I INPUT -p icmp --icmp-type router-advertisement -j DROP                     # zabezpieczenie
$IPTABLES -I INPUT -p icmp --icmp-type router-solicitation -j DROP                      # zabezpieczenie
$IPTABLES -I INPUT -p icmp --icmp-type address-mask-request -j DROP                     # zabezpieczenie
$IPTABLES -I INPUT -p icmp --icmp-type address-mask-reply -j DROP                       # zabezpieczenie

$IPTABLES -A INPUT -i he-ipv6 -j ACCEPT                                                 # ipv6
$IPTABLES -A OUTPUT -o he-ipv6 -j ACCEPT                                                # ipv6
$IPTABLES -A INPUT -j ACCEPT -p ipv6 -s 209.51.161.14                                   # ipv6
$IPTABLES -A OUTPUT -j ACCEPT -p ipv6 -d 209.51.161.14                                  # ipv6

$IPTABLES -I INPUT -s 91.121.210.146 -j DROP                                            # wycięcie ks364702.kimsufi.com

$IPTABLES -A INPUT -p tcp -j REJECT --reject-with tcp-reset                             # wycięcie innych protokołów jak TCP, UDP, ICMP
$IPTABLES -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable                 # wycięcie innych protokołów jak TCP, UDP, ICMP

$IPTABLES -I INPUT 5 -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7       # logowanie porzuconych pakietów

Debian everywhere

Offline

 

#4  2009-03-03 11:59:35

  az - debianlover

az
debianlover
Zarejestrowany: 2009-01-23

Re: fail2ban

Kod:

root@debian:~ # /etc/init.d/firewall.sh
root@debian:~ # /etc/init.d/fail2ban restart
Restarting authentication failure monitor: fail2ban.

ok, zobaczymy


Debian everywhere

Offline

 

#5  2009-03-09 20:51:41

  atomekd - Użytkownik

atomekd
Użytkownik
Zarejestrowany: 2006-06-01

Re: fail2ban

Sprawdź czy masz np. załadowany moduł multiport. Jak nie to pewnie to. Ja miałem podobny problem.


atomekd

Offline

 

#6  2009-03-10 18:02:23

  az - debianlover

az
debianlover
Zarejestrowany: 2009-01-23

Re: fail2ban

tzn wczesniej co jakis czas chyba firewalla "restartowalem", teraz juz slicznie dziala :)


Debian everywhere

Offline

 

#7  2009-03-17 11:25:35

  az - debianlover

az
debianlover
Zarejestrowany: 2009-01-23

Re: fail2ban

a jak odbanowac kogos :D? bo mnie zbanowalo :P


Debian everywhere

Offline

 

#8  2009-03-17 14:30:18

  urug - Członek DUG

urug
Członek DUG
Skąd: Częstochowa
Zarejestrowany: 2008-04-22
Serwis

Re: fail2ban

Jak nie masz dostępu do maszyny, to nie odbanujesz :-P
Poza tym reset fail2bana, bądź ręczne usunięcie regułek wystarcza w większości przypadków.


Pozdrawiam, Tomek

Offline

 

#9  2009-03-17 16:37:44

  az - debianlover

az
debianlover
Zarejestrowany: 2009-01-23

Re: fail2ban

probowalem recznie usunac z denyhosts i zaraz dokaldalo od nowa

to jak to sciagnac? mam denyhosts i fail2ban moge lokalnjie sie na serwer zalogowac

Ostatnio edytowany przez az (2009-03-17 17:34:58)


Debian everywhere

Offline

 

#10  2009-03-18 22:15:26

  az - debianlover

az
debianlover
Zarejestrowany: 2009-01-23

Re: fail2ban

to da sie jakos usunac te bany?


Debian everywhere

Offline

 

#11  2009-03-18 22:27:13

  urug - Członek DUG

urug
Członek DUG
Skąd: Częstochowa
Zarejestrowany: 2008-04-22
Serwis

Re: fail2ban

Wyłącz fail2ban, usuń wpisy, włącz fail2bana. Nie działa tak?


Pozdrawiam, Tomek

Offline

 

#12  2009-03-18 23:02:38

  az - debianlover

az
debianlover
Zarejestrowany: 2009-01-23

Re: fail2ban

nic, dodaje go znowu..


Debian everywhere

Offline

 

#13  2009-03-18 23:34:03

  urug - Członek DUG

urug
Członek DUG
Skąd: Częstochowa
Zarejestrowany: 2008-04-22
Serwis

Re: fail2ban

Jest coś takiego jak lista ignorowanych IP. Zainteresuj się nią może? :)


Pozdrawiam, Tomek

Offline

 

#14  2009-03-19 00:26:30

  az - debianlover

az
debianlover
Zarejestrowany: 2009-01-23

Re: fail2ban

zrobilem stop
fail2ban, denyhosts
edytowalem ten plik hosts.deny, usunalem 192.168.*
"odpalilem" firewalla (skrypt sh), fail2ban i denyhosts, dalo sie wejsc, po jakims czasie sprawdzam..

root@debian:~ # cat /etc/hosts.deny | grep 192.168
ALL: 192.168.1.100
ALL: 192.168.1.86

eee teraz widze ze to jednak denyhosts mnie banuje
2009-03-18 23:06:16,135 - denyhosts   : INFO     new denied hosts: ['192.168.1.100', '192.168.1.86']

w koncu w fail2ban jest opcja ignorowania zakresu IP.. a w denyhosts chyba nie ;/

szukalem w faq denyhosts ale nie widze, ma taka opcje zeby danego zakresu ip nie blokowal?

Ostatnio edytowany przez az (2009-03-19 00:38:00)


Debian everywhere

Offline

 

#15  2009-03-19 12:48:04

  az - debianlover

az
debianlover
Zarejestrowany: 2009-01-23

Re: fail2ban

Dobra, znalazlem :P

How can I remove an IP address that DenyHosts blocked?

If you have been accidentally locked out of one of your hosts (because DenyHosts has added it to /etc/hosts.deny you may have noticed that simply removing it from /etc/hosts.deny does not in itself correct the issue) since DenyHosts keeps track of the attempts in the WORK_DIR files. In order to cleanse the address you will need to do the following:

   1. Stop DenyHosts
   2. Remove the IP address from /etc/hosts.deny
   3. Edit WORK_DIR/hosts and remove the lines containing the IP address. Save the file.
   4. Edit WORK_DIR/hosts-restricted and remove the lines containing the IP address. Save the file.
   5. Edit WORK_DIR/hosts-root and remove the lines containing the IP address. Save the file.
   6. Edit WORK_DIR/hosts-valid and remove the lines containing the IP address. Save the file.
   7. Edit WORK_DIR/user-hosts and remove the lines containing the IP address. Save the file.
   8. (optional) Consider adding the IP address to WORK_DIR/allowed-hosts
   9. Start DenyHosts

Note: Not all of the WORK_DIR files will contain the IP address so you may want to use grep to determine which files contain the IP address.[/quote]

root@debian:~ # cat /etc/denyhosts.conf | grep WORK_DIR | grep =
WORK_DIR = /var/lib/denyhosts[/quote]


Debian everywhere

Offline

 

Stopka forum

Powered by PunBB
© Copyright 2002–2005 Rickard Andersson
Nas ludzie lubią po prostu, a nie klikając w przyciski ;-)

[ Generated in 0.010 seconds, 11 queries executed ]

Informacje debugowania

Time (s) Query
0.00011 SET CHARSET latin2
0.00004 SET NAMES latin2
0.00100 SELECT u.*, g.*, o.logged FROM punbb_users AS u INNER JOIN punbb_groups AS g ON u.group_id=g.g_id LEFT JOIN punbb_online AS o ON o.ident='3.144.3.181' WHERE u.id=1
0.00062 REPLACE INTO punbb_online (user_id, ident, logged) VALUES(1, '3.144.3.181', 1731811507)
0.00051 SELECT * FROM punbb_online WHERE logged<1731811207
0.00065 SELECT topic_id FROM punbb_posts WHERE id=114344
0.00168 SELECT id FROM punbb_posts WHERE topic_id=13596 ORDER BY posted
0.00058 SELECT t.subject, t.closed, t.num_replies, t.sticky, f.id AS forum_id, f.forum_name, f.moderators, fp.post_replies, 0 FROM punbb_topics AS t INNER JOIN punbb_forums AS f ON f.id=t.forum_id LEFT JOIN punbb_forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=3) WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id=13596 AND t.moved_to IS NULL
0.00023 SELECT search_for, replace_with FROM punbb_censoring
0.00149 SELECT u.email, u.title, u.url, u.location, u.use_avatar, u.signature, u.email_setting, u.num_posts, u.registered, u.admin_note, p.id, p.poster AS username, p.poster_id, p.poster_ip, p.poster_email, p.message, p.hide_smilies, p.posted, p.edited, p.edited_by, g.g_id, g.g_user_title, o.user_id AS is_online FROM punbb_posts AS p INNER JOIN punbb_users AS u ON u.id=p.poster_id INNER JOIN punbb_groups AS g ON g.g_id=u.group_id LEFT JOIN punbb_online AS o ON (o.user_id=u.id AND o.user_id!=1 AND o.idle=0) WHERE p.topic_id=13596 ORDER BY p.id LIMIT 0,25
0.00090 UPDATE punbb_topics SET num_views=num_views+1 WHERE id=13596
Total query time: 0.00781 s