[BlueOnyx:15246] Re: Dfix/Dfix2
Will Nordmeyer, WnA Consulting Services
will at wnahosting.com
Tue Apr 22 19:55:50 -05 2014
On Wed, 23 Apr 2014 07:28:06 +0800, Greg Kuhnert wrote:
> Hi Will.
> > On 22 Apr 2014, at 3:01 am, Will Nordmeyer, WnA Consulting Services wrote:
> >
> > On my server, it seems that one mistake entering the admin password (and
> > maybe site admin passwords) blocks the offending IP. Since I have a rather
> > complex admin password, I'd like to tweak dfix/dfix2 to give me a slightly
> > wider allowance.
> >
> > I've reviewed dfix2.sh but that just has a start/stop process - the start
> > process makes sure the iptables lists exist, and sets up a list of trusted
> > IPs from the ifconfig & resolv.conf file.
> >
> > dfix.sh appears to do all the work but I haven't managed to track exactly
> > where the limit for bad password is set.
> >
> > I'd also like to improve the logging so that when it blocks an IP, it gives
> > the reason behind it.
> >
> Initially, have a look at /var/log/sec to see details of a reason for
> block. There are rule names like ssh-b1... Let me know which one is hitting
> your log file in this situation, and I can tell you how to tweak.
>
> Note: I am away travelling, but I'll get you a response asap.
>
> Greg.
Greg,
Thanks for taking a look - in the case I'm dealing with (one of my
users is website admin on about 40% of my server), it is accesslog-b2.
I think I'm just not looking at some of the right files.
--Will