17 Search results

For the term "fail2ban".

fail2ban.actions.action: ERROR iptables -D

fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport –dports http,https -j fail2ban-apache-xxxxxxxxxxxxxxxxxxx iptables -F fail2ban-apache-xxxxxxxxxxxxxxxxxxx iptables -X fail2ban-apache-xxxxxxxxxxxxxxxxxxx returned 200 iptables only allows rules of up to 30 characters Shorten the name of the conf file solves the error

Fail2ban ERROR /bin/sh iptables No such file or directory

In Fail2ban version 0.9 running on Debian 9 server fail2ban.action [17325]: ERROR -n -L INPUT | grep -q ‘f2b- [ \t]’ — stderr: b’/bin/sh: iptables: No such file or directory\n’ [edit] /etc/fail2ban/action.d/iptables-common.conf [change] iptables = iptables [to] /sbin/iptables = iptables

Setup Fail2ban for Debian and Ubuntu

My Notes Only taken from various sources. There are other much more complete guides for Fail2ban available. Install Fail2ban sudo apt-get install fail2ban filter definitions located in /etc/fail2ban/filter.d action definitions located in /etc/fail2ban/action.d The following is a minimal setup. Configure Fail2ban sudo vi /etc/fail2ban/jail.conf Configuration for jail.conf destemail = you@example.com # Email of where alerts should be sent to ignoreip...

How to Customize Apache Log Format for Fail2ban

Customize apache2 other_vhosts_access.log format so fail2ban can use it. sudo vi /etc/apache2/apache2.conf On line 255 insert LogFormat “%t %v:%p %h %l %u \”%r\” %>s %O \”%{Referer}i\” \”%{User-Agent}i\”” fail2ban Comment out the following line #LogFormat “%v:%p %h %l %u %t \”%r\” %>s %O \”%{Referer}i\” \”%{User-Agent}i\”” vhost_combined sudo vi /etc/apache2/conf.d/other-vhosts-access-log change the end of the line (or duplicate and comment out) as...

Fail2ban Mysql Database to Manage Persistent Bans

Step 1 Create Database and Tables in MySQL Add a “source” field for the server name if you want to use a remote database setup (and add it to the UNIQUE KEY). The UNIQUE KEY prevents duplicates of course. But this means you can refresh the perl script without handling duplicates there which would complicate things considerably. CREATE TABLE iptable...

Fail2ban Apache2 Access Log Regex Fails

Changing banaction to ROUTE worked, while IPTABLES-ALLPORTS failed with error No Host Found 2014-09-26 10:55:24,662 fail2ban.filter : ERROR No ‘host’ found in ‘113.71.191.49 – – [ +0000] “GET /phpMyAdmin/scripts/setup.php HTTP/1.1” 500 833 “-” “-” ‘ using ‘‘ [apache-phpmyadmin-access] enabled = true #banaction = iptables-allports banaction = route port = http,https filter = apache-phpmyadmin-access logpath = /var/log/apache2/access.log maxretry = 0 #...

How To Harden Debian Server

Its not enough to harden just Debain. Its necessary to harden the rest of Apache-MySQL-PHP as well. Harden MYSQL sudo mysql_secure_installation answer Yes to all questions (but no need to change password) Disabling SSH root login and settings sudo vi /etc/ssh/sshd_config change PermitRootLogin yes to PermitRootLogin no LoginGraceTime 120 to LoginGraceTime 30 add line AllowUsers username username username Consider disabling...

Harden Ubuntu Server 12.04 LTS

Its not enough to harden just Ubuntu. Its necessary to harden the rest of LAMP as well. So here is how I do it. Harden MYSQL sudo mysql_secure_installation answer Yes to all questions (but no need to change password) Harden PHP – and tune performance sudo apt-get install php5-suhosin sudo vi /etc/php5/apache2/php.ini uncomment this code or update setting max_execution_time =...

How To Manage Fail2ban Using Perl Script On Remote Servers and A Control Mysql Database

Earlier I posted how to use a text file created by a script to similarly manage the rogue IPs that Fail2ban bans. The problem with using scripts and crontab is that it is not reporting in real-time. The method here works in real-time because Fail2ban reports directly to the MySQL on the control server. On each remote you’ll want to...

Debian 9 Stretch Apache 2.4 MariaDB 10.1.26 PHP 7.0

Installation notes for Debian 9 Apache 2.4 MariaDB 10.1.26 PHP 7.0 differ somewhat from prior LAMP installations. Also included here are notes on PSAD and Fail2ban. PSAD requires netstat which is no longer included in Debian 9 apt-get install net-tools apt-get install apache2 apt-get install software-properties-common apt-get install mariadb-server sudo /usr/bin/mysql_secure_installation sudo mysql -v

How To Monitor Ubuntu Server

tail -f /var/log/apache2/error.log tail -f /var/log/apache2/access.log tail -f /var/log/apache2/other_vhosts_access.log tail -f /var/log/auth.log tail -f /var/log/daemon.log tail -f /var/log/fail2ban.log tail -f /var/log/mail.log tail -f /var/log/main.warn tail -f /var/log/mysql.log tail -f /var/log/mysql.err tail -f /var/log/syslog tail -f /var/log/user.log sudo tail -f /var/log/Bastille/action-log sudo tail -f /var/log/Bastille/error-log

Basic Apache Commands

Starting Apache sudo /etc/init.d/apache2 start sudo service apache2 start Restarting Apache sudo /etc/init.d/apache2 restart sudo service apache2 restart sudo apachectl -k restart Gracefully Kill Apache Children (does not kill or stop Apache) sudo apachectl -k graceful Stopping Apache sudo /etc/init.d/apache2 stop sudo service apache2 stop sudo apachectl -k stop View Apache Logs sudo tail -f /var/log/apache2/error.log sudo tail -f /var/log/apache2/access.log...

Setup LAMP Server Debian 9 Apache 2.4 MarianDB Php 7

Prerequisite is a fresh remote server with Debian 9 Stretch installed and booted From remote terminal Block all traffic iptable -F iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -P FORWARD DROP Create a User sudo useradd -d /home/username -m username Set the User’s Password sudo passwd username Add the User to the Admin Group sudo adduser username adm...

[Webmaster Tools] http://www.example.com/: Googlebot can’t access your site

I am posting this unsolved mystery – as an ongoing problem – instead of posting to a forum. Comment if you like. I’l update when I find the solution. I get the typical message from Google [Webmaster Tools] http://www.example.com/: Googlebot can’t access your site. I run LAMP servers with Netfilter (iptables) with PSAD and Fail2ban. I check iptables for any...

After Installing Debian 7 Desktop

Checklist of things to do after installing Debian Gnome The first problem you have with a brand new linux (Debian/Ubuntu) install is the user is not setup in sudoers. So first thing: login as root su sudo adduser username sudo sudo vi /etc/sudoers give permissions to your new user – below root username ALL=(ALL:ALL) ALL alternately – unsecure username ALL=(ALL)...

Privacy Preference Center