Just a titbit. Anyone like this? I am working on prettying up the time remaining on the ban. Also the delete button acts immediately without confirmation, which I am not sure about. The other thing I want to do is give an option to whitelist the LANs.
Responses (15)
-
Accepted Answer
I'm thinking of doing this in bits. In clearos-updates-testing there is a releasable package of what I've done so far. I have formatted the ban time remaining. There is no delete confirmation so deletes are immediate but there isn't a delete confirmation in some other apps.
Next on the list may be whitelisting of the LANs, but if what I've done so far is OK, I'll release it as it is.
To update do:
yum update app-attack-detector --enablerepo=clearos-updates-testing
-
Accepted Answer
Isn't is correct there, but I'll clarify.
Some apps seem to have a delete confirmation dialog and others (e.g. ibVPN) don't. Others like the DNS app do have a delete confirmation. I'll have to try to crib that code, but for the moment app-attack-detector does not have a delete confirmation dialog. I think it is more normal to have a delete dialog so I'll have to work on it.
There is also an obscure bug in the app on testing that only a command line tinkerer would come across. I have a custom jail which blocks whole subnets and the subnet fails to sort correctly in IP order. It is a trivial fix and will not hold me up from releasing the app to the Community.
If you are testing, you can add your own ban to a jail with:
fail2ban-client set {jail-name} banip {ip_to_ban}
It looks like I also have to tidy up on the Name/Rule headers as they are inconsistent. I'll probably call them both "Jail Name".
And, as normal, it will go to the Community first then to Paid.
-
Accepted Answer
@Marcel, I don't understand what you are saying, Attack Detector worked anyway, but at the bottom of the screen there was just a log of the most recent bans (some of which may no longer be active). This log has been replaced with a list of all current bans and a button has been added to enable you to remove the ban.
I've just released an update to testing with delete confirmation:
rm -rf /var/cache/yum
yum update app-attack-detector --enablerepo=clearos-updates-testing
You should get version 2.3.11-1.
-
Accepted Answer
I think we have a misunderstanding. My bad.
I was convinced that the update you made only was available for community but the update is also available in the clearos-updates-testing repo on business. I guess this is the same repo as on community?
I updated the attack-detector and tested the confirmation. Really nice Nick, you're a pro!
-
Accepted Answer
For our apps the workflow is clearos-updates-testing -> clearos-updates (which is a Community repo) -> clearos-verified (which is a paid repo). Paid users can always grab the packages from the earlier repos if they want.
Clearos-updates-testing is just a repo and there is no concept of a Community updates-testing repo and a Paid updates-testing repo.
The workflow is not so good with packages in contribs as there is no separate repo for the paid users so releases here go to both Community and Paid at the same time.
-
Accepted Answer
There is now another update to the Attack Detector app which adds an option to whitelist your LANs. This can be useful when, for example, setting up e-mail packages which often assume the full e-mail address is the username and you get banned when trying to set the user up. Or if you are doing some testing on your LAN.
As before, you can upgrade with:
rm -rf /var/cache/yum
yum update app-attack-detector --enablerepo=clearos-updates-testing
Note this will not be released next week as I'll be on holiday.
If enabled, if you are in gateway mode, any LAN (so not HotLAN or DMZ) will be whitelisted as will any subnet covered by static routes using the EXTRALANS parameter in /etc/clearos/network.conf. If you are in standalone mode, it will whitelist all interfaces and anything covered by the EXTRALANS parameter in /etc/clearos/network.conf.
-
Accepted Answer
Nick Howitt wrote:
There is now another update to the Attack Detector app which adds an option to whitelist your LANs. This can be useful when, for example, setting up e-mail packages which often assume the full e-mail address is the username and you get banned when trying to set the user up. Or if you are doing some testing on your LAN.
As before, you can upgrade with:
rm -rf /var/cache/yum
yum update app-attack-detector --enablerepo=clearos-updates-testing
Note this will not be released next week as I'll be on holiday.
If enabled, if you are in gateway mode, any LAN (so not HotLAN or DMZ) will be whitelisted as will any subnet covered by static routes using the EXTRALANS parameter in /etc/clearos/network.conf. If you are in standalone mode, it will whitelist all interfaces and anything covered by the EXTRALANS parameter in /etc/clearos/network.conf.
Nice addon. I've installed the update and will monitor it
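The LAN whitelisting rules Nick Howitt describes above, worked through as an added example that is not part of the thread and is not app-attack-detector's own code. Only EXTRALANS and /etc/clearos/network.conf come from the thread; the MODE, EXTIF, LANIF, HOTIF and DMZIF keys, the interface-to-subnet map and every address are constructed assumptions.

```python
import ipaddress

# Constructed sample of /etc/clearos/network.conf. Only EXTRALANS is named in
# the thread; MODE and the *IF role keys are assumptions for illustration.
SAMPLE_CONF = '''
MODE="gateway"
EXTIF="eth0"
LANIF="eth1"
HOTIF="eth2"
DMZIF="eth3"
EXTRALANS="10.8.0.0/24 172.16.5.0/24"
'''

# Constructed interface -> subnet map (a real host would read this from the OS).
SAMPLE_SUBNETS = {
    "eth0": "203.0.113.0/24",
    "eth1": "192.168.1.0/24",
    "eth2": "192.168.2.0/24",
    "eth3": "192.168.3.0/24",
}

def parse_conf(text):
    """Parse KEY="value" lines into a dict, skipping blanks and comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip().strip('"')
    return conf

def whitelist(conf, subnets):
    """Return the networks exempt from bans, following the rules in the post."""
    if conf.get("MODE") == "standalone":
        ifaces = list(subnets)                    # standalone: every interface
    else:
        ifaces = conf.get("LANIF", "").split()    # gateway: LAN only, no HotLAN/DMZ
    nets = {ipaddress.ip_network(subnets[i]) for i in ifaces if i in subnets}
    nets |= {ipaddress.ip_network(n) for n in conf.get("EXTRALANS", "").split()}
    return sorted(nets)                           # numeric IP order, not string order

def is_whitelisted(ip, nets):
    """True if a ban on this address would be skipped."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)
```

With MODE set to standalone the sample's 203.0.113.0/24 interface subnet becomes exempt as well, which is worth checking before enabling the option on a host with a public-facing interface.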