Re: Fail2ban is failing

On Fri, 2024-05-03 at 16:52 -0500, Richard Shaw wrote: > On Fri, May 3, 2024 at 4:13 PM Patrick O'Callaghan > > wrote: > > > On Fri, 2024-05-03 at 13:08 -0400, Tom Rivers via users wrote: > > > Until the fix is available, I've been able to get it running > > > until > > > the > > > next system re

Re: Fail2ban is failing

On Fri, May 3, 2024 at 4:13 PM Patrick O'Callaghan wrote: > On Fri, 2024-05-03 at 13:08 -0400, Tom Rivers via users wrote: > > Until the fix is available, I've been able to get it running until > > the > > next system reboot by doing the following: > > > > # setenforce 0 > > # systemctl start fai

Re: Fail2ban is failing

On Fri, 2024-05-03 at 13:08 -0400, Tom Rivers via users wrote: > Until the fix is available, I've been able to get it running until > the > next system reboot by doing the following: > > # setenforce 0 > # systemctl start fail2ban > > ... wait a minute ... > > # setenforce 1 > That seems to w

Re: Fail2ban is failing

Until the fix is available, I've been able to get it running until the next system reboot by doing the following: # setenforce 0 # systemctl start fail2ban ... wait a minute ... # setenforce 1 Tom On 5/3/2024 12:39 PM, Patrick O'Callaghan wrote: On Fri, 2024-05-03 at 06:45 -0500, Richard Sh

Re: Fail2ban is failing

On Fri, 2024-05-03 at 06:45 -0500, Richard Shaw wrote: > On Fri, May 3, 2024 at 6:31 AM Patrick O'Callaghan > > wrote: > > > F40 fully updated. > > > > Try a `dnf --refresh update`. The fix just went to stable last night. That just gets the same update I already tried. poc --

Re: Fail2ban is failing

On Fri, May 3, 2024 at 6:31 AM Patrick O'Callaghan wrote: > F40 fully updated. > Try a `dnf --refresh update`. The fix just went to stable last night. Thanks, Richard -- ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an em

Re: fail2ban on F40 is quiet

On Sun, Apr 28, 2024 at 12:59:49PM -0400, Frank Bures wrote: > On 2024-04-28 11:39, Barry wrote: > > > > > > > On 28 Apr 2024, at 16:31, Frank Bures wrote: > > > > > > The problem is that there are no connection attempts in /var/log/secure > > > or /var/log/messages so obviously f2b has nothin

Re: fail2ban on F40 is quiet

On 2024-04-28 12:59, Frank Bures wrote: On 2024-04-28 11:39, Barry wrote: On 28 Apr 2024, at 16:31, Frank Bures wrote: The problem is that there are no connection attempts in /var/log/secure or /var/log/messages so obviously f2b has nothing to do. Maybe the logs are in the journal and no

Re: fail2ban on F40 is quiet

On 2024-04-28 11:39, Barry wrote: On 28 Apr 2024, at 16:31, Frank Bures wrote: The problem is that there are no connection attempts in /var/log/secure or /var/log/messages so obviously f2b has nothing to do. Maybe the logs are in the journal and nothing is updating the legacy /var/log fi

Re: fail2ban on F40 is quiet

> On 28 Apr 2024, at 16:31, Frank Bures wrote: > > The problem is that there are no connection attempts in /var/log/secure or > /var/log/messages so obviously f2b has nothing to do. Maybe the logs are in the journal and nothing is updating the legacy /var/log files? What does journalctl repo

Re: fail2ban on F40 is quiet

On 2024-04-28 10:58, Richard Shaw wrote: On Sun, Apr 28, 2024 at 9:31 AM Frank Bures > wrote: Hi, My machine is exposed to the wild and I was seeing hundreds of connection attempts per day in my logs and in fail2ban.log. All these nefarious activities c

Re: fail2ban on F40 is quiet

On 2024-04-28 11:03, Charles Dennett wrote: On 4/28/24 10:31 AM, Frank Bures wrote: Hi, My machine is exposed to the wild and I was seeing hundreds of connection attempts per day in my logs and in fail2ban.log. All these nefarious activities ceased after upgrade to F40. Question: Is there

Re: fail2ban on F40 is quiet

On 4/28/24 10:31 AM, Frank Bures wrote: Hi, My machine is exposed to the wild and I was seeing hundreds of connection attempts per day in my logs and in fail2ban.log. All these nefarious activities ceased after upgrade to F40. Question: Is there something fundamentally different in F40 con

Re: fail2ban on F40 is quiet

On Sun, Apr 28, 2024 at 9:31 AM Frank Bures wrote: > Hi, > > My machine is exposed to the wild and I was seeing hundreds of connection > attempts per day in my logs and in fail2ban.log. > > All these nefarious activities ceased after upgrade to F40. > > Question: > Is there something fundamentall

Re: Fail2ban-all

On Thu, Aug 6, 2020 at 5:07 AM Scott van Looy via users < users@lists.fedoraproject.org> wrote: > I’m running F32 > > Trying to update today and I get: > > Problem: cannot install the best update candidate for package > fail2ban-all-0.11.1-6.fc32.noarch > - nothing provides python2-inotify neede

Re: Fail2ban

On Mon, Feb 5, 2018 at 8:08 PM, Bill Shirley wrote: > If you have a huge number of addresses that are banned, you should use an > ipset action instead of iptables action. Just now getting a chance to respond to this thread... I tried using the ipset method but it appears to be broken... https:

Re: Fail2ban

If you have a huge number of addresses that are banned, you should use an ipset action instead of iptables action. Bill On 2/5/2018 3:53 PM, Jeffrey Ross wrote: Fedora 27 system Trying to get Fail2ban to work properly on the system and I'm looking for a good example to follow for the firewall

Re: fail2ban

On 09/25/2017 09:09 PM, Bill Shirley wrote: So your ipset is not getting created or has been deleted by another jail if it shares the same name. With fail2ban-client -d, look at your sshd jail, specifically the ['set', 'sshd', 'action', 'my_ipset_ip', 'name', 'IPv4-ip'] make sure the name is d

Re: fail2ban

So your ipset is not getting created or has been deleted by another jail if it shares the same name. With fail2ban-client -d, look at your sshd jail, specifically the ['set', 'sshd', 'action', 'my_ipset_ip', 'name', 'IPv4-ip'] make sure the name is different that all the other jails.  (Disregard

Re: fail2ban

On 2017-09-25 00:33, Bill Shirley wrote: > Looks like your ipset wasn't created or something caused it to be deleted. > ipset v6.29: The set with the given name does not exist > > Do you find the named ipset with: ipset -L -n > > Also, your default action (firewallcmd-allports.conf) doesn't use

Re: fail2ban

Looks like your ipset wasn't created or something caused it to be deleted. ipset v6.29: The set with the given name does not exist Do you find the named ipset with: ipset -L -n Also, your default action (firewallcmd-allports.conf) doesn't use ipset. Somehow your jail is using firewallcmd-ipset.c

Re: fail2ban questions

Hi, >> [ssh-iptables] >> enabled = true >> filter = sshd >> action = iptables[name=SSH, port=ssh, protocol=tcp] >>sendmail-whois[name=SSH, dest=myu...@mydomain.com, >> sender=d...@mydomain.com] >> logpath = /var/log/secure >> maxretry = 5 >> >> There doesn't seem to be a man page

Re: fail2ban questions

On Thu, Jan 17, 2013 at 08:16:18PM -0500, Alex wrote: > I have an fc17 install with a few fail2ban jail entries such as this: > [ssh-iptables] > enabled = true > filter = sshd > action = iptables[name=SSH, port=ssh, protocol=tcp] >sendmail-whois[name=SSH, dest=myu...@mydomain.com,

Re: fail2ban vs. logrotate

On Tue, 2011-10-25 at 16:12 -0400, Mike Wohlgemuth wrote: > I don't see any way to get fail2ban to reopen the log file without > also forgetting the current ban list. As I recall, it's supposed to make temporary bans. So does it really need to keep a ban list forever? You'd be banning things tha

Re: fail2ban vs. logrotate

On 10/25/2011 4:12 PM, Mike Wohlgemuth wrote: > On 10/25/2011 11:12 AM, Mikkel L. Ellertson wrote: >> It looks like you would have to modify the syslog logrotate script >> and add a second command in the postrotate section after it restarts >> syslogd. Does fail2ban accept a SIGHUP to close and reo

Re: fail2ban vs. logrotate

On 10/25/2011 11:12 AM, Mikkel L. Ellertson wrote: > It looks like you would have to modify the syslog logrotate script > and add a second command in the postrotate section after it restarts > syslogd. Does fail2ban accept a SIGHUP to close and reopen the log file? > > That was my first thought, bu

Re: fail2ban vs. logrotate

On 10/25/2011 01:23 AM, Andre Speelmans wrote: > Change the config file for logrotate so that it does not create a new > file, but that it uses copy-and-truncate. The exact syntax is easily > found in the man-page. > Ah, that looks like what I need. I read the man page and spaced on the implicati

Re: fail2ban vs. logrotate

> It looks like you would have to modify the syslog logrotate script > and add a second command in the postrotate section after it restarts > syslogd. Does fail2ban accept a SIGHUP to close and reopen the log file? Or make it do copy-truncate, which is meant just for these cases where a daemon kee

Re: fail2ban vs. logrotate

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/25/2011 09:07 AM, Andre Speelmans wrote: >> I was referring to the fail2ban RPM. This has to be a problem for >> just about any installation that uses logrotate. > > Most daemons seem to use their own logfile and therefore can use their > own lo

Re: fail2ban vs. logrotate

> I was referring to the fail2ban RPM. This has to be a problem for > just about any installation that uses logrotate. Most daemons seem to use their own logfile and therefore can use their own logrotate configuration script in /etc/logrotate.d. But /var/log/secure is not handled by a specific da

Re: fail2ban vs. logrotate

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/25/2011 12:23 AM, Andre Speelmans wrote: >> It sounds like fail2ban still has the old log file open. You need to >> have logrotate tell fail2ban that the log file has changed. > > Change the config file for logrotate so that it does not create a

Re: fail2ban vs. logrotate

> It sounds like fail2ban still has the old log file open. You need to > have logrotate tell fail2ban that the log file has changed. Change the config file for logrotate so that it does not create a new file, but that it uses copy-and-truncate. The exact syntax is easily found in the man-page. >

Re: fail2ban vs. logrotate

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/24/2011 12:14 PM, Mike Wohlgemuth wrote: > I've installed fail2ban on Fedora 15 to block repeated failed ssh > connections. It works great up until logrotate kicks in. When it > rotates /var/log/secure then fail2ban stops noticing failed ssh

Re: fail2ban vs. logrotate

On Mon, Oct 24, 2011 at 20:17, Marvin Kosmal wrote: > Hi > > This does not address your problem directly. > > I use a program called  denyhosts for blocking ssh attempts.  It creates a > list in  /etc/hosts.deny. > > Great program. > +1 to denyhosts. > Good luck > > Marvin > -- Suvayu Open

Re: fail2ban vs. logrotate

On Mon, Oct 24, 2011 at 10:14 AM, Mike Wohlgemuth wrote: > I've installed fail2ban on Fedora 15 to block repeated failed ssh > connections. It works great up until logrotate kicks in. When it > rotates /var/log/secure then fail2ban stops noticing failed ssh > attempts. Using fail2ban-client to