Re: F15: fail2ban not in iptables status



On Fri, Jun 3, 2011 at 4:05 AM, sguazt <marco.guazzone@xxxxxxxxx> wrote:

On Sun, May 29, 2011 at 3:30 PM, sguazt <marco.guazzone@xxxxxxxxx> wrote:

Hi,
Still have problems. Under /var/log/messages I've this message:

fail2ban.comm : WARNING Invalid command: ['add', 'ssh-iptables', 'auto']

Don't know if it is related to my problem.

Anyway, am I the only one that has this problem (or that runs fail2ban ;) )?


Hi there. Although I do not use fail2ban this sure looks like a bug. You
should probably file a bug report.

If you want some protection from ssh intruders here are a couple of iptables
rules you can use until the fail2ban problem is resolved.

-A local_input_filter -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -m recent --set --name SSH --rsource
-A local_input_filter -m recent --update --seconds 40 --hitcount 3 --name SSH --rsource -j DROP

If someone tries to login to your system via ssh more than 3 times in 40
seconds any further packets will be dropped. I've been using these rules
for about 5 years and they work well.

Mike
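
Added example (not part of the original message, and not fail2ban or netfilter code): a small Python simulation of how the two "recent" rules above evaluate successive SYNs to port 22 from each source address. It assumes the rules are reached in the order shown, models only SYN packets, and assumes the xt_recent default of 20 stored timestamps per address; the sample addresses and times are constructed.

```python
from collections import defaultdict, deque

SECONDS = 40      # --seconds 40
HITCOUNT = 3      # --hitcount 3
MAX_STAMPS = 20   # assumption: xt_recent default ip_pkt_list_tot


def simulate(syns):
    """syns: (time_in_seconds, source_ip) pairs for TCP SYNs to port 22,
    in arrival order. Returns a list of (time, source_ip, verdict)."""
    recent = defaultdict(lambda: deque(maxlen=MAX_STAMPS))  # the "SSH" list
    verdicts = []
    for now, src in syns:
        stamps = recent[src]
        # Rule 1: --set records a timestamp for the source. It has no
        # target, so the packet continues to the next rule.
        stamps.append(now)
        # Rule 2: --update matches when at least HITCOUNT stamps fall
        # within the last SECONDS, counting the stamp rule 1 just added.
        hits = sum(1 for t in stamps if now - t <= SECONDS)
        if hits >= HITCOUNT:
            stamps.append(now)  # a matching --update records another stamp
            verdicts.append((now, src, "DROP"))
        else:
            verdicts.append((now, src, "CONTINUE"))
    return verdicts


# Constructed sample traffic (documentation addresses, times in seconds).
SAMPLE = [
    (0, "203.0.113.7"), (5, "203.0.113.7"), (10, "203.0.113.7"),
    (30, "203.0.113.7"), (60, "203.0.113.7"), (95, "203.0.113.7"),
    (140, "203.0.113.7"),
    (0, "198.51.100.20"), (50, "198.51.100.20"), (100, "198.51.100.20"),
]

if __name__ == "__main__":
    for now, src, verdict in simulate(sorted(SAMPLE)):
        print(f"t={now:>3}s {src:<14} {verdict}")
```

In this model the timestamp recorded by the --set rule counts toward --hitcount, and each matching --update adds a further timestamp, so retries made while a source is blocked keep extending the block until the source stays quiet for the full window.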