ClearFoundation Tracker - ClearOS
View Issue Details
0010951 | ClearOS | app-attack-detector - Attack Detector | public | 2016-10-17 08:45 | 2021-11-09 05:29
dloper
normal | feature | always
closed | suspended
7.2.0 Updates
0010951: Add perma-ban to attack detector
Add permanent bans to attack detector. This guide demonstrates the concept.

http://stuffphilwrites.com/2013/03/permanently-ban-repeat-offenders-fail2ban/
No tags attached.
Issue History
2016-10-17 08:45 | dloper | New Issue
2016-10-17 09:28 | user2 | Target Version | 7.3.0 Beta 1 =>
2016-10-17 09:28 | user2 | Status | new => confirmed
2016-10-17 15:36 | dloper | Note Added: 0004041
2016-10-17 15:38 | dloper | Note Edited: 0004041
2021-11-09 05:29 | NickH | Note Added: 0015961
2021-11-09 05:29 | NickH | Status | confirmed => closed
2021-11-09 05:29 | NickH | Resolution | open => suspended

Notes
(0004041)
dloper   
2016-10-17 15:36   
(edited on: 2016-10-17 15:38)
550491

test-recidive.conf in /etc/fail2ban/jail.d

[recidive]
enabled = true
maxretry = 3
bantime = 2419200 ; 4 week
findtime = 345600 ; 4 day

I also adjusted the bantimes in the other confs to 86400 (1 day), so my find time in recidive is set to 4 days.

I am going to see how this works. Maybe adjust bantime to something longer, like 12 weeks.

The recidive filter in fail2ban monitors the fail2ban log file. In this case my fail2ban bans IPs for 1 day. If the recidive filter finds 3 occurrences in the fail2ban log it will ban it for 4 weeks.
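
Added example (not part of the original note, and not ClearOS or fail2ban code): a Python simulation of the recidive behaviour described in the note above, using the note's maxretry, findtime and bantime values. The log lines are constructed, and the fail2ban.log line layout the regex expects is an assumption.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the note's test-recidive.conf
MAXRETRY = 3
FINDTIME = timedelta(seconds=345600)   # 4 days
BANTIME = timedelta(seconds=2419200)   # 4 weeks

# Assumed layout of a fail2ban.log "Ban" line (matches the constructed sample below)
BAN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+\s+fail2ban\.actions\s+\[\d+\]:\s+"
    r"NOTICE\s+\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<ip>\S+)\s*$"
)

# Constructed sample log; addresses are from documentation ranges
SAMPLE_LOG = """\
2016-10-17 08:00:00,101 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.7
2016-10-17 09:00:00,000 fail2ban.actions [812]: NOTICE [sshd] Ban 198.51.100.4
2016-10-18 08:00:01,250 fail2ban.actions [812]: NOTICE [sshd] Unban 203.0.113.7
2016-10-18 12:30:00,007 fail2ban.actions [812]: NOTICE [postfix-sasl] Ban 203.0.113.7
2016-10-20 07:59:00,400 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.7
2016-10-20 07:59:01,000 fail2ban.actions [812]: NOTICE [recidive] Ban 203.0.113.7
2016-10-25 10:00:00,000 fail2ban.actions [812]: NOTICE [sshd] Ban 198.51.100.4
2016-10-26 10:00:00,000 fail2ban.actions [812]: NOTICE [sshd] Ban 198.51.100.4
"""


def recidive_bans(log_text, maxretry=MAXRETRY, findtime=FINDTIME, bantime=BANTIME):
    """Return (ip, banned_at, banned_until) for IPs banned maxretry times within findtime."""
    recent = defaultdict(deque)   # ip -> timestamps of bans still inside the window
    bans = []
    for line in log_text.splitlines():
        m = BAN_RE.match(line)
        # Skip non-Ban lines, and the recidive jail's own bans so it never counts itself
        if not m or m["jail"] == "recidive":
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > findtime:   # forget bans older than findtime
            window.popleft()
        if len(window) >= maxretry:
            bans.append((m["ip"], ts, ts + bantime))
            window.clear()                 # start counting afresh after the long ban
    return bans


if __name__ == "__main__":
    for ip, start, end in recidive_bans(SAMPLE_LOG):
        print(f"{ip} banned {start} until {end}")
```

In the sample, 198.51.100.4 is banned three times but never three times inside one 4-day window, so only 203.0.113.7 gets the 4-week ban.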

(0015961)
NickH   
2021-11-09 05:29   
Migrated to https://gitlab.com/clearos/clearfoundation/app-attack-detector/-/issues/13