Saturday, August 30, 2008

Fail2Ban - CentOS - Dovecot

After looking at my logs I noticed that someone is trying to crack Dovecot. Here is what you need to do to set up fail2ban to block the attacker's IPs.

You will need to create a filter file for Dovecot. The first regex rule I got from the fail2ban wiki, and the second is something I came up with:

=========/etc/fail2ban/filter.d/dovecot.conf==========

# Fail2Ban configuration file
#
# Author: Maxim Badran
#
# $Revision: 1 $
#

[Definition]

# Option: failregex
# Notes.: regex to match the password failure messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
failregex = dovecot.*auth\(default\): pam\(.*,<HOST>\): pam_authenticate\(\) failed:
            dovecot.*authentication failure.*rhost\=<HOST>

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

=======================================

Now you need to add a new jail to /etc/fail2ban/jail.conf

===================
[dovecot-iptables]

enabled = true
filter = dovecot
action = iptables[name=Dovecot, port=110, protocol=tcp]
         sendmail-whois[name=Dovecot, dest=you@yourdomain.com, sender=fail2ban@yourdomain.com]
logpath = /var/log/secure
maxretry = 5

===================
Note: if POP3 is not using port 110, edit the section above and replace 110 with the POP3 port.

The last step is to reload the fail2ban rules:
fail2ban-client reload
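
To check the filter before relying on it, this added example (not part of the original post) expands <HOST> to the alias quoted in the filter comments and runs both failregex lines over constructed /var/log/secure-style lines. The log lines, the IP addresses and the function names failed_hosts and hosts_to_ban are assumptions made for illustration; it treats reaching maxretry as the ban threshold and ignores fail2ban's findtime window.

```python
import re
from collections import Counter

# <HOST> expands to the alias quoted in the filter file's comments.
HOST = r"(?:::f{4,6}:)?(?P<host>\S+)"
# The two failregex lines from /etc/fail2ban/filter.d/dovecot.conf.
FAILREGEX = [
    r"dovecot.*auth\(default\): pam\(.*,<HOST>\): pam_authenticate\(\) failed:",
    r"dovecot.*authentication failure.*rhost\=<HOST>",
]
COMPILED = [re.compile(r.replace("<HOST>", HOST)) for r in FAILREGEX]
MAXRETRY = 5  # same value as the [dovecot-iptables] jail

# Constructed log line templates (documentation IP ranges, not real data).
PAM = ("Aug 30 10:0%d:01 mail dovecot-auth: pam_unix(dovecot:auth): "
       "authentication failure; logname= uid=0 euid=0 tty=dovecot "
       "ruser=bob rhost=%s  user=bob")
AUTH = ("Aug 30 10:0%d:02 mail dovecot: auth(default): pam(bob,::ffff:%s): "
        "pam_authenticate() failed: Authentication failure")
SAMPLE_LOG = "\n".join(
    [PAM % (i, "203.0.113.7") for i in (1, 2, 3)]
    + [AUTH % (i, "203.0.113.7") for i in (4, 5)]
    + [PAM % (6, "198.51.100.20"), AUTH % (7, "198.51.100.20")]
    + [  # lines the filter must ignore: another service, a successful login
        "Aug 30 10:08:01 mail sshd[4321]: pam_unix(sshd:auth): "
        "authentication failure; logname= uid=0 euid=0 tty=ssh ruser= "
        "rhost=192.0.2.50",
        "Aug 30 10:09:01 mail dovecot: pop3-login: Login: user=<bob>, "
        "method=PLAIN, rip=198.51.100.20, lip=192.0.2.1",
    ]
)

def failed_hosts(log_text):
    """Count matching lines per captured host, each line counted once."""
    hits = Counter()
    for line in log_text.splitlines():
        for rx in COMPILED:
            m = rx.search(line)
            if m:
                hits[m.group("host")] += 1
                break
    return hits

def hosts_to_ban(log_text, maxretry=MAXRETRY):
    """Hosts whose failure count has reached maxretry."""
    return sorted(h for h, n in failed_hosts(log_text).items() if n >= maxretry)

if __name__ == "__main__":
    print(dict(failed_hosts(SAMPLE_LOG)), hosts_to_ban(SAMPLE_LOG))
```

fail2ban also ships its own tester, which runs the same check against the real log: fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/dovecot.conf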

Fail2Ban - CentOS

Well, a couple of days ago I had to set up fail2ban on a CentOS 5.2 server. Here is a quick how-to:

First you need to install the program; you can do it with yum:

yum update
yum install fail2ban

Set it to startup automatically with the system:

chkconfig --levels 235 fail2ban on


OK, now just edit /etc/fail2ban/jail.conf, enable the jails, and be sure to set the to and from addresses (as you do want to get the reports).

To start it up without a reboot:

/etc/init.d/fail2ban start

So now you have everything set up.

For more details please see:
http://www.fail2ban.org

Sunday, May 25, 2008

Moving

Well I am going to be moving soon, got a new place just waiting for the DSL line to be setup there. It is a nice 2 room apartment in a quiet suburb of L'viv, also known as Cekhiv.

Thursday, April 24, 2008

Netbeans

I have been playing around with Netbeans 6.1 and wow, that is something that is going to be great. I cannot wait for the final release to be pushed out.

Tuesday, March 18, 2008

Cleaning some things up and some plans

Well I just removed the two news blocks that I had on this blog. I think they were just taking too much space.

I am going to get a Debian server running at home this week. I guess that would need some messing around with, but I am planning on getting everything to work and having fun learning some new stuff.

On another note, still waiting for the Eeepc to debut in Ukraine, as I think this would be something I would want to own and play with.

And I am thinking of scrapping my other projects at the moment, as I do not have any time for that. Well, one project that can be resumed after the server is set up is the CMS I am planning on working on (but this is still undecided, maybe I will just do some plug-ins for Joomla or Drupal). Eclipse should be explored more, since this is one nice platform.

Well, this is what was going on in my mind at the moment... Bye for now.

Thursday, November 29, 2007

Tar

Here is a little tip about using Tar. If you want to exclude multiple files or folders and are using a wildcard "*", then you should put --exclude in front of every "path/to/file/*".

tar -zPcf /media/sda4/test/bkp/1.tar.gz /media/sda4/test/ --exclude "/media/sda4/test/d1/*" --exclude "/media/sda4/test/1/*"
The above would tar the test folder to the backup folder, without the contents of d1 and 1.

Friday, November 16, 2007

Kiev Trip

This was on Tuesday, a cold and somewhat wet day in Kiev (not that cold, and more on the snowy side). Anyway, it was a good day out. Loads of fun, and running around the city. Some of the pictures are up on Facebook. Here is a link to the gallery.

Some of the more interesting parts of the trip were the fact that we all agreed that living in a large city is not the way to go. And that we all love L'viv a tad more... Kiev has some nice aspects like the Metro, but it does not hold anything to the charm of L'viv.

Thursday, November 01, 2007

Google Search

We started working with Google's business search. This is an incredible application that does wonders. Well, it is made by Google :) . Easy to set up and use.