ClearFoundation Tracker - ClearOS
View Issue Details
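ID: 0015691 | Project: ClearOS | Category: app-attack-detector - Attack Detector | View Status: public | Date Submitted: 2017-07-11 17:03 | Last Update: 2021-11-09 05:37
Reporter: cjones
Assigned To:
Priority: low | Severity: feature | Reproducibility: have not tried
Status: closed | Resolution: suspended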
7.3.0 
7.6.0 Updates 
0015691: Feature Add - fail2ban
Reference ticket number 550491;
Created joe-recidive.conf in /etc/fail2ban/jail.d
[recidive]
enabled = true
maxretry = 3
bantime = 2419200 ; 4 week
findtime = 345600 ; 4 day
I also adjusted the bantimes in the other confs to 86400 (1 day), so my find time in recidive is set to 4 days.
I am going to see how this works. Maybe adjust bantime to something longer like 12 weeks.
The recidive filter in fail2ban monitors the fail2ban log file. In this case my fail2ban bans IPs for 1 day. If the recidive filter finds 3 occurrences in the fail2ban log it will ban it for 4 weeks.
The other solution has its merits in that it bans all ports, not just the attacked port.
No tags attached.
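An added example, not part of the original ticket or of the app-attack-detector code: a simplified Python model of the recidive behaviour described above, applying the ticket's maxretry, findtime and bantime values to fail2ban.log lines. The regex is a reduced stand-in for the stock recidive filter, and the log lines and addresses are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY = 3                           # values from the [recidive] jail quoted above
FINDTIME = timedelta(seconds=345600)   # 4 days
BANTIME = timedelta(seconds=2419200)   # 4 weeks

# Simplified stand-in for the stock recidive failregex: a "Ban" NOTICE from
# any jail except recidive itself, so its own bans are not counted again.
BAN_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+\s+fail2ban\.actions"
                    r"\s+\[\d+\]:\s+NOTICE\s+\[(?!recidive\])[^\]]+\]\s+Ban\s+(?P<ip>\S+)\s*$")

# Constructed log lines (documentation-range addresses), not real data.
SAMPLE_LOG = """\
2017-07-01 02:10:00,101 fail2ban.actions [811]: NOTICE  [sshd] Ban 203.0.113.7
2017-07-01 10:00:00,230 fail2ban.actions [811]: NOTICE  [postfix] Ban 198.51.100.9
2017-07-02 02:10:00,412 fail2ban.actions [811]: NOTICE  [sshd] Unban 203.0.113.7
2017-07-02 03:00:00,007 fail2ban.actions [811]: NOTICE  [sshd] Ban 203.0.113.7
2017-07-03 04:00:00,650 fail2ban.actions [811]: NOTICE  [sshd] Ban 203.0.113.7
2017-07-03 04:00:01,100 fail2ban.actions [811]: NOTICE  [recidive] Ban 203.0.113.7
2017-07-04 10:00:00,319 fail2ban.actions [811]: NOTICE  [postfix] Ban 198.51.100.9
2017-07-08 11:00:00,872 fail2ban.actions [811]: NOTICE  [postfix] Ban 198.51.100.9
"""

def recidive_bans(log_text):
    """Map ip -> (banned_at, banned_until) for repeat offenders in the log."""
    recent = defaultdict(deque)   # ip -> timestamps of bans inside FINDTIME
    banned = {}
    for line in log_text.splitlines():   # assumes chronological order
        m = BAN_RE.match(line)
        if not m:
            continue                     # Unban, recidive's own bans, noise
        ip = m["ip"]
        now = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        if ip in banned and now < banned[ip][1]:
            continue                     # still serving the long ban
        window = recent[ip]
        window.append(now)
        while window[0] < now - FINDTIME:
            window.popleft()             # forget bans older than findtime
        if len(window) >= MAXRETRY:
            banned[ip] = (now, now + BANTIME)
            window.clear()
    return banned

if __name__ == "__main__":
    for ip, (start, end) in recidive_bans(SAMPLE_LOG).items():
        print(f"{ip}: recidive ban {start} -> {end}")
```

With 1-day bans in the other jails, an address that is re-banned as soon as each ban expires reaches three bans inside the 4-day findtime, while one whose bans are spread further apart does not.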
Issue History
2017-07-11 17:03 | cjones | New Issue
2017-07-11 17:08 | dloper | Assigned To | => dloper
2017-07-11 17:08 | dloper | Status | new => assigned
2019-02-23 22:23 | dloper | Target Version | => 7.6.0 Updates
2021-11-09 05:37 | NickH | Note Added: 0015971
2021-11-09 05:37 | NickH | Status | assigned => closed
2021-11-09 05:37 | NickH | Assigned To | dloper =>
2021-11-09 05:37 | NickH | Resolution | open => suspended

Notes
(0015971)
NickH   
2021-11-09 05:37   
Migrated to https://gitlab.com/clearos/clearfoundation/app-attack-detector/-/issues/14