#1  
Old 18th September 2012, 17:24
concept21 concept21 is offline
Senior Member
 
Join Date: Dec 2011
Posts: 142
Thanks: 27
Thanked 18 Times in 13 Posts
Question Fail2Ban rule for MyDNS

Anybody has Fail2Ban rule for MyDNS?

I installed MyDNS as suggested by ISPConfig3 official user manual. I paid 5 Euro for it.
Reply With Quote
Sponsored Links
  #2  
Old 19th September 2012, 14:47
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

Why do you want a fail2ban rule for a DNS server?

There are no logins...
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 19th September 2012, 18:13
concept21 concept21 is offline
Senior Member
 
Join Date: Dec 2011
Posts: 142
Thanks: 27
Thanked 18 Times in 13 Posts
Question

Hi falko,

But I see a fail2ban filter for named inside its filter directory.
Reply With Quote
  #4  
Old 20th September 2012, 12:16
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

Can you post its contents so that I can see what logins fail2ban is trying to track?

BTW, if you have a filter file, you already have the fail2ban rule in it.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 20th September 2012, 21:18
concept21 concept21 is offline
Senior Member
 
Join Date: Dec 2011
Posts: 142
Thanks: 27
Thanked 18 Times in 13 Posts
Default

named-refused.conf


# Fail2Ban configuration file for named (bind9). Trying to generalize the
# structure which is general to capture general patterns in log
# lines to cover different configurations/distributions
#
# Author: Yaroslav Halchenko
#
# $Revision: 730 $
#

[Definition]

#
# Daemon name
_daemon=named

#
# Shortcuts for easier comprehension of the failregex
__pid_re=(?:\[\d+\])
__daemon_re=\(?%(_daemon)s(?:\(\S+\))?\)?:?
__daemon_combs_re=(?:%(__pid_re)s?:\s+%(__daemon_r e)s|%(__daemon_re)s%(__pid_re)s?
# hostname daemon_id spaces
# this can be optional (for instance if we match named native log files)
__line_prefix=(?:\s\S+ %(__daemon_combs_re)s\s+)?

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT
#
failregex = %(__line_prefix)sclient <HOST>#.+: query(?: \(cache\))? '.*' denied\s*$

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
Reply With Quote
  #6  
Old 20th September 2012, 21:20
concept21 concept21 is offline
Senior Member
 
Join Date: Dec 2011
Posts: 142
Thanks: 27
Thanked 18 Times in 13 Posts
 
Default

jail.local



# DNS Servers

# These jails block attacks against named (bind9). By default, logging is off
# with bind9 installation. You will need something like this:
#
# logging {
# channel security_file {
# file "/var/log/named/security.log" versions 3 size 30m;
# severity dynamic;
# print-time yes;
# };
# category security {
# security_file;
# };
# };
#
# in your named.conf to provide proper logging

# Word of Caution:
# Given filter can lead to DoS attack against your DNS server
# since there is no way to assure that UDP packets come from the
# real source IP
[named-refused-udp]

enabled = false
port = domain,953
protocol = udp
filter = named-refused
logpath = /var/log/named/security.log

[named-refused-tcp]

enabled = false
port = domain,953
protocol = tcp
filter = named-refused
logpath = /var/log/named/security.log
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Help with Fail2ban florix.net Installation/Configuration 4 26th January 2011 00:53
fail2ban rule pure-ftpd - opensuse 11.3 Decibell Server Operation 1 19th December 2010 13:32
fail2ban is doing nothing? rlischer Server Operation 16 29th June 2010 07:29
Need help with fail2ban on centos 5.3 rlischer Installation/Configuration 3 14th August 2009 11:47
Set Up Ubuntu-Server 6.10 As A Firewall/Gateway knowram Installation/Configuration 10 13th June 2007 01:37


All times are GMT +2. The time now is 15:43.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.