Dr Fragen in the operating room

fail2ban

  • Fail2ban Problems and Solutions

    If you use Fail2ban then you are probably aware of the fact that you must add a rule number to the ipfw deny rule for actionban in ipfw.conf. If you don’t add a rule number then there is no way for fail2ban to delete the rule after it expires. The problem lies in that you…

  • Checking Fail2ban regex

    I’ve just stumbled across a great command in Fail2ban to check whether or not your filter will actually score a hit from your log file. From the command line:

    [code lang=bash]
    $ fail2ban-regex /path/to/logfile /etc/fail2ban/filter.d/myfilter.conf regex_to_ignore
    [/code]

    As an example:

    [code lang=bash]
    $ fail2ban-regex /var/log/secure.log /etc/fail2ban/filter.d/sshd.conf '(myusername|myIPaddress)'
    [/code]

    This seems like a great way to…

  • Fail2ban and OS X Server, Part Deux

    As some of you might know I run my own installation of OS X Server. I’ve since updated it to Snow Leopard Server and I think I’ve got most of it running well. As I check my server logs frequently I find that there are all sorts of script kiddies attempting to log in to…

  • Fail2ban on Leopard Server

    So here I am running my own server — for almost 2 years now. It’s been a real learning experience and I’ve tried to share. My latest add-on has been fail2ban. I got tired of looking into my logs and seeing where script kiddies or bots were trying to take control of my server. Fortunately,…
