Re: swamp rat bots Q

To: debian-user@lists.debian.org
Subject: Re: swamp rat bots Q
From: Greg Wooledge <wooledg@eeg.ccf.org>
Date: Thu, 3 Dec 2020 09:14:29 -0500
Message-id: <[🔎] 20201203141429.GA915@eeg.ccf.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 202012030902.47624.gheskett@shentel.net>
References: <[🔎] 202012030735.27875.gheskett@shentel.net> <[🔎] 8c477ad1-7de5-0c9c-349c-d407d111e589@mail.com> <[🔎] 202012030902.47624.gheskett@shentel.net>

On Thu, Dec 03, 2020 at 09:02:47AM -0500, Gene Heskett wrote:
> Yes John. But explain to me what fail2ban is sopposed to do?

It's supposed to "monitor" (tail -F equivalent) your log files, and
look for anomalies.  If it finds one, it's supposed to take action,
which is typically adding an entry to iptables.

> Its running, but has failed to ban anything no matter what sort of 403's 
> I return.

You need to configure it.  Tell it what log files to read, what is to
be considered an anomaly, and what action to take.

Reply to:

Follow-Ups:
- Re: swamp rat bots Q
  - From: Gene Heskett <gheskett@shentel.net>

References:
- swamp rat bots Q
  - From: Gene Heskett <gheskett@shentel.net>
- Re: swamp rat bots Q
  - From: john doe <johndoe65534@mail.com>
- Re: swamp rat bots Q
  - From: Gene Heskett <gheskett@shentel.net>

Prev by Date: Re: swamp rat bots Q
Next by Date: Re: Cron Jobs and Time Zones Has Anything Changed?
Previous by thread: Re: swamp rat bots Q
Next by thread: Re: swamp rat bots Q
Index(es):
- Date
- Thread