0015691: Feature Add - fail2ban - ClearFoundation Tracker

View Issue Details [ Jump to Notes ]

[ Issue History ] [ Print ]

Project

Category

View Status

Date Submitted

Last Update

0015691

ClearOS

app-attack-detector - Attack Detector

public

2017-07-11 17:03

2021-11-09 05:37

Reporter

cjones

Assigned To

Priority

low

Severity

feature

Reproducibility

have not tried

Status

closed

Resolution

suspended

Platform

OS Version

Product Version

7.3.0

Target Version

7.6.0 Updates

Fixed in Version

Summary

0015691: Feature Add - fail2ban

Description

Reference ticket number 550491;
Created joe-recidive.conf in /etc/fail2ban/jail.d
[recidive]
enabled = true
maxretry = 3
bantime = 2419200 ; 4 week
findtime = 345600 ; 4 day
I also adjusted the bantimes in the other conf's to 86400 (1 day), so my find time in recidive is set to 4 days.
I am going to see how this works. Maybe adjust bantime to something longer like 12 weeks
The recidive filter in fail2ban, monitors the fail2ban log file. In this case my fail2ban bans ip's for 1 day. If the recidive filter finds 3 occurances in the fail2ban log it will ban it for 4 weeks.
The other solution has it merits that it bans all ports, not just the attacked port.

Tags

No tags attached.

Attached Files

Relationships

Notes
(0015971) NickH (developer) 2021-11-09 05:37	Migrated to https://gitlab.com/clearos/clearfoundation/app-attack-detector/-/issues/14 [^]

Issue History
Date Modified	Username	Field	Change
2017-07-11 17:03	cjones	New Issue
2017-07-11 17:08	dloper	Assigned To	=> dloper
2017-07-11 17:08	dloper	Status	new => assigned
2019-02-23 22:23	dloper	Target Version	=> 7.6.0 Updates
2021-11-09 05:37	NickH	Note Added: 0015971
2021-11-09 05:37	NickH	Status	assigned => closed
2021-11-09 05:37	NickH	Assigned To	dloper =>
2021-11-09 05:37	NickH	Resolution	open => suspended

Community Forums

ClearOS Portal

ClearVM Platform

ClearVM 2 Platform

ClearOS Bug Tracker

Sitemap

Foundation

Company

Partners

Purchase

Contact Us