Nethserver-fail2ban needs testers

Hi, @stephdl. Yes, the e-mail is quite long. Normally I just check, to find, that it come from some Internet provider network in China or in Ukraine. But sometimes the information is worth reporting.
Like tho one I get tonight.

Hi,

The IP 13.92.197.252 has just been banned by Fail2Ban after
3 attempts against sshd.


Here is more information about 13.92.197.252 :

[Querying whois.arin.net]
[whois.arin.net]

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#


#
# Query terms are ambiguous.  The query is assumed to be:
#     "n 13.92.197.252"
#
# Use "?" to get help.
#

#
# The following results may also be obtained via:
# https://whois.arin.net/rest/nets;q=13.92.197.252?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
#

NetRange:       13.64.0.0 - 13.107.255.255
CIDR:           13.104.0.0/14, 13.64.0.0/11, 13.96.0.0/13
NetName:        MSFT
NetHandle:      NET-13-64-0-0-1
Parent:         NET13 (NET-13-0-0-0-0)
NetType:        Direct Assignment
OriginAS:
Organization:   Microsoft Corporation (MSFT)
RegDate:        2015-03-26
Updated:        2015-03-26
Ref:            https://whois.arin.net/rest/net/NET-13-64-0-0-1



OrgName:        Microsoft Corporation
OrgId:          MSFT
Address:        One Microsoft Way
City:           Redmond
StateProv:      WA
PostalCode:     98052
Country:        US
RegDate:        1998-07-10
Updated:        2015-10-28
Comment:        To report suspected security issues specific to traffic emanating from Microsoft online services, including the distribution of malicious content or other illicit or illegal material through a Microsoft online service, please submit reports to:
Comment:        * https://cert.microsoft.com.
Comment:
Comment:        For SPAM and other abuse issues, such as Microsoft Accounts, please contact:
Comment:        * abuse@microsoft.com.
Comment:
Comment:        To report security vulnerabilities in Microsoft products and services, please contact:
Comment:        * secure@microsoft.com.
Comment:
Comment:        For legal and law enforcement-related requests, please contact:
Comment:        * msndcc@microsoft.com
Comment:
Comment:        For routing, peering or DNS issues, please
Comment:        contact:
Comment:        * IOC@microsoft.com
Ref:            https://whois.arin.net/rest/org/MSFT


OrgTechHandle: MRPD-ARIN
OrgTechName:   Microsoft Routing, Peering, and DNS
OrgTechPhone:  +1-425-882-8080
OrgTechEmail:  IOC@microsoft.com
OrgTechRef:    https://whois.arin.net/rest/poc/MRPD-ARIN

OrgAbuseHandle: MAC74-ARIN
OrgAbuseName:   Microsoft Abuse Contact
OrgAbusePhone:  +1-425-882-8080
OrgAbuseEmail:  abuse@microsoft.com
OrgAbuseRef:    https://whois.arin.net/rest/poc/MAC74-ARIN


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#

Regards,

Fail2Ban`

could you check why bounty source show only 1 active bounty (moodle) on first page and also in bounties?

i think it should display 3 active bounty and $25
tnx

I added a note in the wiki page

That’s a good question, sincerely I don’t know i will try to figure something out

@alefattorini any news on this?

Waiting for the bountysoruce team’s answer, I’ll keep you posted

Oh yes!

The bounty on “Fail2ban package [$20]” has increased to $20: @WillZen increased the bounty by $5. The bounty will be awarded to the developer who successfully closes out this issue.

there is already some jails for openvpn?

like this:

Not yet

Nextcloud guys are discussing this feature here

@dnutan posted a $15 bounty 2 days ago on this module. Who else wants to contribute?
@stephdl would you like to set a goal in case the bounty is too low for you?

Whoo-hoo! Great shoot!
The bounty on “Fail2ban package [$35]” has increased to $40 @StreetGuru increased the bounty by $5. The bounty will be awarded to the developer who successfully closes out this issue.

The work is done on my side, I pushed to nethforge-testing the rpms that you could find on my download folder. I plan to remove them once the work is validated by testers here. Nethserver-delegated-panel and nethserver-rh-mysl56 are not ready yet to be pushed.

I’m quite busy ATM, and ready to go to andalucia for three weeks, so I won’t be easily reachable. The best is that once you will validate the work, then you should push the rpms yourself to nethforge.

@+

I have it installed in NS6.8 and it works like a charm - always nice to receive the occasional mail telling me some ip just got banned

I’ve tried installing in NS7b with the same command i installed in NS6:

yum install http://mirror.de-labrusse.fr/nethserver/nethserver-fail2ban/nethserver-fail2ban-0.0.7-1.ns6.sdl.noarch.rpm --enablerepo=epel

but I get an error:

Transaction check error:
      file /usr/bin from install of nethserver-fail2ban-0.0.7-1.ns6.sdl.noarch conflicts with file from package filesystem-3.2-20.el7.x86_64

When I try to install from nethforge-testing with

yum install nethserver-ddclient --enablerepo=nethforge-testing

it tells me

No package nethserver-ddclient available

Is there any way to get it running in NS7 at the moment?

Thanks

Both packages need to be rebuilt for NethServer 7.
Would you like to try?

Edit: I’m sure fail2ban would need to be modified to analyze logs produced by CentOS7.

I think I cant use this forum, it gets too confusing sometimes - how do you quote the post above?

anyway, and again:

Sure i would like to try - though I will need a lot of guidance!

I highlight the text, then a context menu appears with quote reply.

gotcha!

edit: lol, a plus side is that i just won “My First Quote”

Learn so much

It would be awesome, who wants to give it a try?