[Dxspider-support] DX-spider fail2ban rules

Joaquin . joaquin at cronux.net
Sat May 23 13:07:02 CEST 2020 

Good contribution Peter.

Thanks for sharing.

73 Kin

El vie., 22 may. 2020 a las 9:34, Peter via Dxspider-support (<
dxspider-support at tobit.co.uk>) escribió:

> Hi
>
> I got fail2ban working and blocks IP's via IPtabels or UFW on a debian
> linux system.
> I make 2 rules to block unwanted behaivor.
>
> First rule blocks multi conenction to the cluster and use the same call.
> This is the result of a bumped off followed by a reconnect.
>
> Make in jail.d a file named: dxc-bumped.conf with:
>      [dxc-bumped]
>      enabled = true
>      logpath = /spider/local_data/log/2020/05.dat
>      bantime = 300
>      maxretry = 1
>
> One note! check the logpath for the log file and change this every month
> :-)
>
> Make in filter.d a file named: dxc-bumped.conf with:
>      [INCLUDES]
>      before = common.conf
>      [Definition]
>      failregex = bumped off by <HOST>, disconnected$
>      ignore regex =
>
> (re)start fail2ban and any reconnection will be lockout for 5 minutes
> (300 seconds)
>
> For a lock out call rules, make 2 new conf files per above with a
> differend name and use as failregex:
>      failregex = on <HOST> is locked out, disconnected$
>
> Results:
>
> root at pi4cc:/etc/fail2ban# fail2ban-client status dxc-locked
> Status for the jail: dxc-locked
> |- Filter
> |  |- Currently failed: 0
> |  |- Total failed:     25
> |  `- File list:        /spider/local_data/log/2020/05.dat
> `- Actions
>     |- Currently banned: 2
>     |- Total banned:     25
>     `- Banned IP list:   70.61.22.78 78.13.227.246
>
> root at pi4cc:/etc/fail2ban# fail2ban-client status dxc-bumped
> Status for the jail: dxc-bumped
> |- Filter
> |  |- Currently failed: 0
> |  |- Total failed:     23
> |  `- File list:        /spider/local_data/log/2020/05.dat
> `- Actions
>     |- Currently banned: 1
>     |- Total banned:     23
>     `- Banned IP list:   77.250.209.142
>
> Peter
> PC2A
>
> _______________________________________________
> Dxspider-support mailing list
> Dxspider-support at tobit.co.uk
> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.tobit.co.uk/pipermail/dxspider-support/attachments/20200523/4bbc68da/attachment.htm>

More information about the Dxspider-support mailing list