Andrew Cooke | Contents | Latest | RSS | Previous | Next

C[omp]ute

Welcome to my blog, which was once a mailing list of the same name and is still generated by mail. Please reply via the "comment" links.

Always interested in offers/projects/new ideas. Eclectic experience in fields like: numerical computing; Python web; Java enterprise; functional languages; GPGPU; SQL databases; etc. Based in Santiago, Chile; telecommute worldwide. CV; email.

Personal Projects

Choochoo Training Diary

Last 100 entries

[Programming] React Leaflet; AliExpress Independent Sellers; Applebaum - Twilight of Democracy; [Politics] Back + US Elections; [Programming,Exercise] Simple Timer Script; [News] 2019: The year revolt went global; [Politics] The world's most-surveilled cities; [Bike] Hope Freehub; [Restaurant] Mama Chau's (Chinese, Providencia); [Politics] Brexit Podcast; [Diary] Pneumonia; [Politics] Britain's Reichstag Fire moment; install cairo; [Programming] GCC Sanitizer Flags; [GPU, Programming] Per-Thread Program Counters; My Bike Accident - Looking Back One Year; [Python] Geographic heights are incredibly easy!; [Cooking] Cookie Recipe; Efficient, Simple, Directed Maximisation of Noisy Function; And for argparse; Bash Completion in Python; [Computing] Configuring Github Jekyll Locally; [Maths, Link] The Napkin Project; You can Masquerade in Firewalld; [Bike] Servicing Budget (Spring) Forks; [Crypto] CIA Internet Comms Failure; [Python] Cute Rate Limiting API; [Causality] Judea Pearl Lecture; [Security, Computing] Chinese Hardware Hack Of Supermicro Boards; SQLAlchemy Joined Table Inheritance and Delete Cascade; [Translation] The Club; [Computing] Super Potato Bruh; [Computing] Extending Jupyter; Further HRM Details; [Computing, Bike] Activities in ch2; [Books, Link] Modern Japanese Lit; What ended up there; [Link, Book] Logic Book; Update - Garmin Express / Connect; Garmin Forerunner 35 v 230; [Link, Politics, Internet] Government Trolls; [Link, Politics] Why identity politics benefits the right more than the left; SSH Forwarding; A Specification For Repeating Events; A Fight for the Soul of Science; [Science, Book, Link] Lost In Math; OpenSuse Leap 15 Network Fixes; Update; [Book] Galileo's Middle Finger; [Bike] Chinese Carbon Rims; [Bike] Servicing Shimano XT Front Hub HB-M8010; [Bike] Aliexpress Cycling Tops; [Computing] Change to ssh handling of multiple identities?; [Bike] Endura Hummvee Lite II; [Computing] Marble Based Logic; [Link, Politics] Sanity Check For Nuclear Launch; [Link, Science] Entropy and Life; [Link, Bike] Cheap Cycling Jerseys; [Link, Music] Music To Steal 2017; [Link, Future] Simulated Brain Drives Robot; [Link, Computing] Learned Index Structures; Solo Air Equalization; Update: Higher Pressures; Psychology; [Bike] Exercise And Fuel; Continental Race King 2.2; Removing Lowers; Mnesiacs; [Maths, Link] Dividing By Zero; [Book, Review] Ray Monk - Ludwig Wittgenstein: The Duty Of Genius; [Link, Bike, Computing] Evolving Lacing Patterns; [Jam] Strawberry and Orange Jam; [Chile, Privacy] Biometric Check During Mail Delivery; [Link, Chile, Spanish] Article on the Chilean Drought; [Bike] Extended Gear Ratios, Shimano XT M8000 (24/36 Chainring); [Link, Politics, USA] The Future Of American Democracy; Mass Hysteria; [Review, Books, Links] Kazuo Ishiguro - Never Let Me Go; [Link, Books] David Mitchell's Favourite Japanese Fiction; [Link, Bike] Rear Suspension Geometry; [Link, Cycling, Art] Strava Artwork; [Link, Computing] Useful gcc flags; [Link] Voynich Manuscript Decoded; [Bike] Notes on Servicing Suspension Forks; [Links, Computing] Snap, Flatpack, Appimage; [Link, Computing] Oracle is leaving Java (to die); [Link, Politics] Cubans + Ultrasonics; [Book, Link] Laurent Binet; VirtualBox; [Book, Link] No One's Ways; [Link] The Biggest Problem For Cyclists Is Bad Driving; [Computing] Doxygen, Sphinx, Breathe; [Admin] Brokw Recent Permalinks; [Bike, Chile] Buying Bearings in Santiago; [Computing, Opensuse] Upgrading to 42.3; [Link, Physics] First Support for a Physics Theory of Life; [Link, Bike] Peruvian Frame Maker; [Link] Awesome Game Theory Tit-For-Tat Thing; [Food, Review] La Fabbrica - Good Italian Food In Santiago; [Link, Programming] MySQL UTF8 Broken; [Link, Books] Latin American Authors

© 2006-2017 Andrew Cooke (site) / post authors (content).

Using fail2ban on OpenSuse 12.3

From: andrew cooke <andrew@...>

Date: Sat, 13 Apr 2013 09:27:15 -0300

With my bridged modem I am now receiving connections directly from the
internet.  Which is great, but means that people are trying to hack me.  Since
the only port I have open is ssh that means people are trying to log-in all
day - the system log is full of wanrnings.

So I installed fail2ban.  Which is very neat.  It checks the log(s) and blocks
any IPs that appear there.  However, the configuration out-of-the-box is
useless.  Hence this post, which shows what I did to make it work.

First, I added the service:
  systemctl enable fail2ban.service

Then I added the file jail.local to /etc/fail2ban:

  [DEFAULT]

  # 12 hours
  bantime = 43200


  [ssh-iptables]

  enabled = true
  action   = hostsdeny
	     sendmail-whois[name=SSH, dest=andrew, sender=fail2ban]
  logpath  = /var/log/messages

Which does the following:
 - It bans people (IP addresses) for 12 hours
 - It enables the ssh-iptables "jail" (task, or whatever)
 - It calls the hostsdeny function to ban people (more on that below)
 - It sends me an email when someone is bannde
 - It checks the log file /var/log/messages

Note that all the things changed above are different from the default!  The
base install doesn't enable anything, uses iptables to block, only blocks for
10 minutes, doesn't check the correct logs for ssh, etc etc.

I also modified /etc/fail2ban/filter.d/sshd.conf to include more matcher
lines.  These are fairly self-explanatory:

 ^%(__prefix_line)sAddress <HOST> maps to \S*, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!$
 ^%(__prefix_line)sReceived disconnect from <HOST>: 11: Bye Bye \[preauth\]$

The first appears to have been remove from the default distribution because it
can also be triggered by bad DNS; the second may result in some addresses
being flagged twice for a single connection (default config requres 5 flags
for blocking).

Finally, the reason I used hostsdeny as the action is that the iptables action
doesn't work (from the fail2ban.log):

  2013-04-12 20:23:46,782 fail2ban.actions.action: ERROR  iptables -n -L INPUT | grep -q 'fail2ban-SSH[ \t]' returned 100
  2013-04-12 20:23:46,783 fail2ban.actions.action: ERROR  Invariant check failed. Trying to restore a sane environment
  2013-04-12 20:23:46,792 fail2ban.actions.action: ERROR  iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH
  iptables -F fail2ban-SSH
  iptables -X fail2ban-SSH returned 100

Using hostsdeny changes the /etc/hosts/deny file instead:

  # cat /etc/hosts.deny

  http-rman : ALL EXCEPT LOCAL

  ALL: 221.224.33.70
  ALL: 202.164.33.106
  ALL: 183.60.20.36

(the last three lines have been added).

Oh, and don't forget to start the service:
  systemctl start fail2ban.service

Andrew

Comment on this post