[BlueOnyx:15245] Re: Dfix/Dfix2

[Greg Kuhnert]

Hi Will.

On 22 Apr 2014, at 3:01 am, Will Nordmeyer, WnA Consulting Services <will at wnahosting.com> wrote:

> On my server, it seems that one mistake entering the admin password (and maybe site admin passwords) blocks the offending IP.  Since I have a rather complex admin password, I'd like to tweak dfix/dfix2 to give me a slightly wider allowance.
> 
> I've reviewed dfix2.sh but that just has a start/stop process - the start process makes sure the iptables lists exist, and sets up a list of trusted IPs from the ifconfig & resolv.conf file.
> 
> dfix.sh appears to do all the work but I haven't managed to track exactly where the limit for bad password is set.
> 
> I'd also like to improve the logging so that when it blocks an IP, it gives the reason behind it.
> 

Initially, have a look at /var/log/sec to see details of a reason for block. There are rule names like ssh-b1... Let me know which one is hitting your log file in this situation, and I can tell you how to tweak.

Note: I am away travelling, but I'll get you a response asap.

Greg.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20140423/84d9debc/attachment.html>