Difference between revisions of "Main Page"
From Wiki.onotech.org
(→Getting started) |
(→Firewalls/Blocked IPs) |
||
Line 4: | Line 4: | ||
== Firewalls/Blocked IPs == | == Firewalls/Blocked IPs == | ||
+ | APF | ||
+ | Blacklist | ||
+ | vim /etc/apf/deny_hosts.rules | ||
+ | |||
+ | |||
+ | Whitelist | ||
+ | vim /etc/apf/allow_hosts.rules | ||
+ | |||
+ | |||
+ | Config file | ||
+ | vim /etc/apf/conf.apf | ||
+ | |||
+ | |||
+ | Restart | ||
+ | /etc/init.d/apf restart | ||
+ | |||
+ | |||
+ | Flush IP Tables | ||
+ | iptables -F | ||
+ | |||
+ | |||
+ | CSF | ||
+ | Blacklist | ||
+ | vim /etc/csf/csf.deny | ||
+ | |||
+ | |||
+ | Whitelist | ||
+ | vim /etc/csf/csf.allow | ||
+ | |||
+ | |||
+ | Restart | ||
+ | csf -r | ||
+ | |||
+ | |||
+ | Configuration | ||
+ | vim /etc/csf/csf.conf | ||
+ | |||
+ | |||
+ | login failure log | ||
+ | /var/log/lfd.log | ||
+ | |||
+ | |||
+ | Fun Output, IP address and the LFD trigger that got it blocked: | ||
+ | |||
+ | grep "*Blocked in csf*" /var/log/lfd.log | egrep -o '( (([0-9]{1,3}\.){3})[0-9]{1,3}|\[LF_.*)' | sed -e :a -e '$!N;s/\n\[/ \t==blocked for==\> \t\[/;ta' -e 'P;D' | ||
+ | |||
+ | |||
+ | looks like | ||
+ | 118.98.66.56 ==blocked for==> [LF_SMTPAUTH] | ||
+ | 92.38.233.191 ==blocked for==> [LF_SSHD] | ||
+ | 104.167.104.147 ==blocked for==> [LF_SSHD] | ||
+ | 73.179.232.255 ==blocked for==> [LF_CPANEL] | ||
+ | 118.163.76.38 ==blocked for==> [LF_SMTPAUTH] |
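Review bot: In the grep on the line after "Fun Output", the pattern "*Blocked in csf*" is read as a basic regular expression, so the leading * is literal and the trailing f* means "zero or more f"; it finds the lfd marker only by accident. Match it as a fixed string with grep -F '*Blocked in csf*' and use grep -E in place of egrep. The "Flush IP Tables" entry also deserves a caution: iptables -F removes every rule in the filter table, not only APF's, and leaves chain policies as they are, so on a host whose policy is DROP it can cut off the SSH session it is typed into.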
Revision as of 17:37, 1 October 2017
Firewalls/Blocked IPs
APF
Blacklist
vim /etc/apf/deny_hosts.rules
Whitelist
vim /etc/apf/allow_hosts.rules
Config file
vim /etc/apf/conf.apf
Restart
/etc/init.d/apf restart
Flush IP Tables
iptables -F
CSF
Blacklist
vim /etc/csf/csf.deny
Whitelist
vim /etc/csf/csf.allow
Restart
csf -r
Configuration
vim /etc/csf/csf.conf
Login failure log
/var/log/lfd.log
Fun output: each blocked IP address and the LFD trigger that got it blocked:
grep -F '*Blocked in csf*' /var/log/lfd.log | grep -Eo '( (([0-9]{1,3}\.){3})[0-9]{1,3}|\[LF_.*)' | sed -e :a -e '$!N;s/\n\[/ \t==blocked for==\> \t\[/;ta' -e 'P;D'
Output looks like:
118.98.66.56 ==blocked for==> [LF_SMTPAUTH]
92.38.233.191 ==blocked for==> [LF_SSHD]
104.167.104.147 ==blocked for==> [LF_SSHD]
73.179.232.255 ==blocked for==> [LF_CPANEL]
118.163.76.38 ==blocked for==> [LF_SMTPAUTH]
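Added example (not part of the original wiki page): the same IP/trigger listing done per line in awk, so a blocked line that yields no IPv4 match (an IPv6 source, for instance) cannot have its trigger glued onto the previous address, which the line-joining sed step would do. The lfd.log line layout, the function names and every sample line are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original wiki page.
# Assumption: every block event is ONE lfd.log line holding the literal marker
# "*Blocked in csf*", the source address and a "[LF_...]" trigger tag.

# Print "IP<TAB>[TRIGGER]" for each IPv4 block event (file arguments, or stdin).
lfd_blocks() {
    awk '
        # Fixed-string test for the marker: no regex metacharacter surprises.
        index($0, "*Blocked in csf*") == 0 { next }
        {
            ip = ""; trig = "[unknown]"
            # Address and trigger are taken from the SAME line, never paired by adjacency.
            if (match($0, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/))
                ip = substr($0, RSTART, RLENGTH)
            if (match($0, /\[LF_[A-Z0-9_]+\]/))
                trig = substr($0, RSTART, RLENGTH)
            # Lines without an IPv4 address (e.g. IPv6 sources) are skipped here.
            if (ip != "") printf "%s\t%s\n", ip, trig
        }
    ' "$@"
}

# Print "[TRIGGER]<TAB>count", most frequent trigger first.
lfd_trigger_counts() {
    lfd_blocks "$@" | cut -f2 | sort | uniq -c | sort -rn |
        awk '{ print $2 "\t" $1 }'
}

# Constructed sample log (not real data); addresses are documentation ranges.
sample_log() {
    cat <<'EOF'
Oct  1 17:01:02 host lfd[2101]: (sshd) Failed SSH login from 192.0.2.10 (XX/Unknown/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Oct  1 17:02:40 host lfd[2130]: (smtpauth) Failed SMTP AUTH login from 198.51.100.7 (XX/Unknown/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SMTPAUTH]
Oct  1 17:03:11 host lfd[2144]: (sshd) Failed SSH login from 2001:db8::1 (XX/Unknown/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Oct  1 17:04:00 host lfd[2150]: (sshd) Failed SSH login from 203.0.113.5 (XX/Unknown/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Oct  1 17:05:00 host lfd[2160]: daily check finished, nothing blocked
EOF
}

# Demo on the constructed sample; on a server: lfd_blocks /var/log/lfd.log
sample_log | lfd_blocks
```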