As title...
Fai2ban is a dead software, it doesn't work anymore with python 2.6 and there is no new version since more than two years.
Is there something new?
Is there an alternatives to fail2ban?
-
sblantipodi
- Posts: 252
- Joined: 2009/07/10 09:43:13
- Contact:
Is there an alternatives to fail2ban?
Denyhosts....
What exactly you want to block?
What exactly you want to block?
-
sblantipodi
- Posts: 252
- Joined: 2009/07/10 09:43:13
- Contact:
Re: Is there an alternatives to fail2ban?
denyhosts isn't an alternatives since its able to protect SSH only.
I need to block, dovecot, phpmyadmin, squirrelmail, php injection, apache.
I need to block, dovecot, phpmyadmin, squirrelmail, php injection, apache.
Re: Is there an alternatives to fail2ban?
Since the changelog for fail2ban 0.8.4 has comments in it about using it with python >= 2.6, I think your issue is not what you think it is.
Edit: which version are you using? I see that the latest in rpmforge is 0.8.2 but EPEL has 0.8.4.
Edit: which version are you using? I see that the latest in rpmforge is 0.8.2 but EPEL has 0.8.4.
-
sblantipodi
- Posts: 252
- Joined: 2009/07/10 09:43:13
- Contact:
Re: Is there an alternatives to fail2ban?
I'm using the latest from EPEL (0.8.4)
I'm sorry for doulbe posting, really sorry but I explained the problem here:
https://www.centos.org/modules/newbb/viewtopic.php?topic_id=32347&forum=56&post_id=138540#forumpost138540
I'm sorry for doulbe posting, really sorry but I explained the problem here:
https://www.centos.org/modules/newbb/viewtopic.php?topic_id=32347&forum=56&post_id=138540#forumpost138540
Re: Is there an alternatives to fail2ban?
If I understand that stack trace correctly, it is complaining about the format of your regular expression.
-
sblantipodi
- Posts: 252
- Joined: 2009/07/10 09:43:13
- Contact:
Re: Is there an alternatives to fail2ban?
[quote]
TrevorH wrote:
If I understand that stack trace correctly, it is complaining about the format of your regular expression.[/quote]
if you see my regular expression (I posted it in that thread) you can see that it has no error and that it matches without problem with any regexpr calculator.
So where is the problem?
TrevorH wrote:
If I understand that stack trace correctly, it is complaining about the format of your regular expression.[/quote]
if you see my regular expression (I posted it in that thread) you can see that it has no error and that it matches without problem with any regexpr calculator.
So where is the problem?
Re: Is there an alternatives to fail2ban?
The problem is the date format in your log file. It seems that fail2ban doesn't support US date format mm/dd/yyyy hh:mm:ss but works if the file contains the Euro date format dd/mm/yyyy hh:mm:ss.
-
sblantipodi
- Posts: 252
- Joined: 2009/07/10 09:43:13
- Contact:
Re: Is there an alternatives to fail2ban?
you are right, but isn't this why we put this
# SquirrelMail 09/13/2007 06:43:20
template = DateStrptime()
template.setName("Month/Day/Year Hour:Minute:Second")
template.setRegex("\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}")
template.setPattern("%m/%d/%Y %H:%M:%S")
self.__templates.append(template)
into this file?
/usr/share/fail2ban/server/datedetector.py
# SquirrelMail 09/13/2007 06:43:20
template = DateStrptime()
template.setName("Month/Day/Year Hour:Minute:Second")
template.setRegex("\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}")
template.setPattern("%m/%d/%Y %H:%M:%S")
self.__templates.append(template)
into this file?
/usr/share/fail2ban/server/datedetector.py
-
sblantipodi
- Posts: 252
- Joined: 2009/07/10 09:43:13
- Contact:
Re: Is there an alternatives to fail2ban?
I solved by editing:
/etc/fail2ban/filter.d/common.conf
and changing
__prefix_line = \s*(?:\S+ )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s*
with this:
__prefix_line = .*?
/etc/fail2ban/filter.d/common.conf
and changing
__prefix_line = \s*(?:\S+ )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s*
with this:
__prefix_line = .*?