Nick | Message | Time
---|---|---
=== scottrigby_away is now known as scottrigby | ||
=== scottrigby is now known as scottrigby_away | ||
=== jthan_ is now known as jthan | ||
pvl1 | ChinnoDog: haven't seen u in a long time. remember your name tho | 04:07 |
pvl1 | least I'm pretty sure | 04:07 |
=== bts3685 is now known as btsSHUTTHEHELLUP | ||
=== btsSHUTTHEHELLUP is now known as bts3685 | ||
teddy-dbear | Morning peoples, dogs, turkeys and everything else | 12:02 |
ChinnoDog | pvl1: seen me on IRC or "seen" me? | 13:22 |
jedijf | paranoid much? | 13:30 |
ChinnoDog | Stop stalking me jedijf | 13:54 |
jedijf | turn around | 13:56 |
bts3685 | heh | 15:04 |
=== scottrigby_away is now known as scottrigby | ||
=== scottrigby is now known as scottrigby_away | ||
=== scottrigby_away is now known as scottrigby | ||
=== scottrigby is now known as scottrigby_away | ||
=== scottrigby_away is now known as scottrigby | ||
bts3685 | jedijf: jthan: pleia2: just registered #project.phree if you want to idle in there | 16:24 |
bts3685 | we can play the silent game | 16:24 |
=== hochiBijseK is now known as KesjiBihcoh | ||
ChinnoDog | bts3685: What is that channel for? | 19:16 |
KesjiBihcoh | prolly to idle | 19:17 |
KesjiBihcoh | just like every other channel on any irc server is for | 19:17 |
bts3685 | heh. it's for the mesh network project | 19:17 |
ChinnoDog | I am good at idling | 19:18 |
pleia2 | ChinnoDog: if you had gone to fosscon, you would know! | 19:18 |
jedijf | pleia2++**^ | 19:20 |
jedijf | ! | 19:20 |
bts3685 | pleia2++ | 19:20 |
jedijf | game-set-match | 19:20 |
bts3685 | guilt_tripping++ | 19:20 |
ChinnoDog | :-( | 19:20 |
pleia2 | well, you said you never learn anything at conferences :) | 19:21 |
pleia2 | but see, you would have! | 19:21 |
ChinnoDog | I guess | 19:22 |
jedijf | ChinnoDog: we jest - we missed you | 19:22 |
pleia2 | +1 | 19:23 |
ChinnoDog | ok. Maybe next time. | 19:23 |
jedijf | our luck, next time you won't learn anything | 19:23 |
ChinnoDog | Don't let it be too boring and everything will be ok. | 19:24 |
jedijf | ChinnoDog: actually i think you would have liked the vr demo - everyone looked like they were having a good time with the helmet on | 19:25 |
jedijf | at least it looked that way | 19:25 |
jedijf | and there were tee shirts | 19:25 |
jedijf | and demon ears | 19:25 |
jedijf | and tattoos | 19:25 |
MutantTurkey | anyone here worked with fail2ban? | 19:28 |
jthan | We've all used it | 19:28 |
MutantTurkey | I am properly catching and fail2ban thinks it's banning the IPs, but then iptables doesn't appear to actually block them | 19:28 |
jthan | thinks? | 19:29 |
MutantTurkey | or at least from what I can tell from iptables -L http://paste.kde.org/p87b7dbf1/ | 19:29 |
MutantTurkey | yes, [ssh-iptables] Ban 129.25.15.183 | 19:29 |
MutantTurkey | yet I can still login from that IP (it was my laptop) | 19:29 |
MutantTurkey | so it thinks it's blocked, but isn't actually | 19:29 |
bts3685 | MutantTurkey: did you iptables -L -n | 19:29 |
bts3685 | err | 19:29 |
bts3685 | iptables -L -n | grep 129.25.15.183 | 19:30 |
bts3685 | it might have also expired the ban depending on how long you have the expire set to | 19:30 |
jedijf | time limit | 19:30 |
MutantTurkey | http://paste.kde.org/p34c2820f/ | 19:30 |
MutantTurkey | no it's still banned | 19:30 |
MutantTurkey | weird..... all 0.0.0.0/0 ? | 19:31 |
bts3685 | that's ACCEPT chain | 19:31 |
MutantTurkey | right? | 19:31 |
bts3685 | except for the last rule in INPUT | 19:31 |
MutantTurkey | on line 8? | 19:32 |
bts3685 | what server are you hitting? | 19:32 |
MutantTurkey | ? what do you mean | 19:32 |
MutantTurkey | it's a server at my work | 19:32 |
bts3685 | on which server are you attempting to configure fail2ban | 19:32 |
jthan | MutantTurkey: Did you set it up to save these bans somewhere and reinitiate them on reboot? | 19:33 |
MutantTurkey | the specific address? 129.25.59.125 | 19:33 |
MutantTurkey | jthan: no, but we don't really reboot often | 19:33 |
MutantTurkey | jthan: i am really just starting to get it up and working, haven't even looked into that | 19:34 |
bts3685 | MutantTurkey: k, do: watch "iptables -L -n | grep 71.230.176.221" and let me know if/when it pops up | 19:34 |
MutantTurkey | yeah I am watching my log messages | 19:35 |
MutantTurkey | except it's not catching you... | 19:35 |
MutantTurkey | weird... i wonder if my regex is kinda crappy still | 19:35 |
MutantTurkey | bts3685: it should have caught you after like 3 tries | 19:35 |
bts3685 | shonuff. show me your regex. there should be a default rule that ships for iptables-ssh | 19:35 |
MutantTurkey | right, seems like opensuse configuration sucks by default. | 19:36 |
bts3685 | .... you're using opensuse? | 19:36 |
bts3685 | that's your problem right there | 19:36 |
MutantTurkey | give me a break, i don't get to pick | 19:36 |
MutantTurkey | i _know_ | 19:36 |
MutantTurkey | it is the worst | 19:36 |
MutantTurkey | there is nothing good about it | 19:36 |
MutantTurkey | but my boss doesn't want to upgrade numerous servers | 19:37 |
bts3685 | but joking aside, did you restart the daemon? | 19:37 |
MutantTurkey | just did | 19:37 |
MutantTurkey | http://paste.kde.org/p7b78bc1a/ | 19:37 |
MutantTurkey | those are my regexes | 19:37 |
MutantTurkey | ah looks like it banned you. | 19:38 |
MutantTurkey | bts3685: ok looks like you got banned. | 19:38 |
MutantTurkey | "banned" | 19:38 |
jthan | MutantTurkey: does the daemon have the rights to actually modify ipt? | 19:39 |
bts3685 | 'cept i didn't | 19:39 |
bts3685 | http://pastebin.com/SQxKvU1Y is the default filter for sshd | 19:39 |
MutantTurkey | jthan: not sure... does it need a certain group or something? | 19:39 |
bts3685 | bts@maqabi /opt/dev/phree $ date;ssh root@129.25.59.125 | 19:39 |
bts3685 | Wed Aug 14 15:39:43 EDT 2013 | 19:39 |
bts3685 | Password: | 19:39 |
bts3685 | Password: | 19:39 |
MutantTurkey | yep. | 19:40 |
bts3685 | Received disconnect from 129.25.59.125: 2: Too many authentication failures for root | 19:40 |
bts3685 | so, yeah. seems it's not actually applying the rule. check your action.d entry that matches | 19:40 |
jedijf | and set no root | 19:41 |
bts3685 | and yeah, it needs to execute as root to actually apply the rule, but i don't see why that would be changed unless you installed it from source or something | 19:41 |
MutantTurkey | jedijf: I can't. | 19:41 |
MutantTurkey | also bullshit, but yeah I can't | 19:41 |
jedijf | i didn't even try root assuming it was set to no | 19:41 |
MutantTurkey | i've told them about 500 times, and done it a few, and torn down their excuses over and over again | 19:41 |
MutantTurkey | but like I said... they lose everything, i've got it in writing that I told em. | 19:41 |
jedijf | i would change 22 too, but whatevs | 19:42 |
jthan | Real men use 22 | 19:42 |
jedijf | that's why i hang with pleia2 | 19:42 |
jthan | She uses 22, I bet | 19:42 |
pleia2 | I don't believe in security by obscurity | 19:42 |
jthan | Told you. | 19:43 |
bts3685 | jthan: real men use portknock with a 2+ sequence :P | 19:43 |
MutantTurkey | hmmm looks like they can't even use version control properly... | 19:43 |
MutantTurkey | "iptables.conf, iptables-new.conf" | 19:43 |
MutantTurkey | sigh | 19:43 |
MutantTurkey | from opensuse. | 19:43 |
bts3685 | jthan: it doesn't *hurt* though. relying on a different port shouldn't be the only security for ssh, but it certainly doesn't hurt and cuts down on the skid attempts | 19:44 |
jthan | bts3685: you go home. | 19:44 |
jedijf | sysadmins like having reading full logs | 19:44 |
bts3685 | jthan: i *am* home | 19:44 |
bts3685 | telecommute, bitches | 19:44 |
MutantTurkey | jthan: fail2ban is running as root. | 19:44 |
jedijf | having/reading | 19:44 |
jedijf | oh look, here comes china, it must be tea time | 19:45 |
jthan | MutantTurkey: wait, did you say you don't have root? | 19:48 |
MutantTurkey | I do. | 19:48 |
jthan | oh. | 19:48 |
MutantTurkey | I cannot disable root ssh access though | 19:48 |
MutantTurkey | ah... iptables is not running? | 19:48 |
MutantTurkey | is there an iptables daemon? | 19:48 |
bts3685 | not per se | 19:49 |
MutantTurkey | didn't think so | 19:49 |
bts3685 | but there is an init script that manages static rules | 19:49 |
bts3685 | i think. i haven't touched opensuse in about 7 years now, so i have no idea what the hell they use these days | 19:49 |
MutantTurkey | they do have another firewall, but we aren't using it | 19:50 |
bts3685 | you should honestly just set up shorewall and use that | 19:50 |
bts3685 | especially since it has built-in rate-limiting | 19:50 |
MutantTurkey | 'just set up' doesn't exist on opensuse | 19:50 |
bts3685 | "The standard RPM package from shorewall.net and the mirrors is known to work with SUSE™...." http://www.shorewall.net/Install.htm | 19:51 |
bts3685 | http://rpm.pbone.net/index.php3?stat=3&search=shorewall&srodzaj=3 | 19:52 |
MutantTurkey | sure, and my fail2ban package was from the repositories | 19:52 |
=== scottrigby is now known as scottrigby_away | ||
=== scottrigby_away is now known as scottrigby | ||
MutantTurkey | hmm I can manually execute all the commands | 20:38 |
bts3685 | then check the path for the iptables binary | 20:40 |
bts3685 | try giving it the full path to iptables | 20:40 |
MutantTurkey | just went into debug mode... | 20:41 |
MutantTurkey | DEBUG iptables -n -L INPUT | grep -q fail2ban-SSH returned successfully | 20:41 |
MutantTurkey | but I never see my drop action getting called. | 20:42 |
MutantTurkey | actionBan | 20:42 |
bts3685 | i'm going to quote a man i take great inspiration from, my boss: | 20:43 |
bts3685 | "try harder." | 20:43 |
MutantTurkey | yep | 20:43 |
MutantTurkey | yeah looks like it's not getting called | 20:53 |
MutantTurkey | weirdest fix EVER | 20:58 |
MutantTurkey | https://github.com/fail2ban/fail2ban/commit/0935566 | 20:59 |
=== scottrigby is now known as scottrigby_away | ||
adom | whoa, i think i had two irssi sessions open in two different screen sessions without noticing it | 21:25 |
adom | wait, no. my nick would've changed. | 21:25 |
adom | * adom shrugs. | 21:25 |
adom | down to one now | 21:25 |
adom | and this time, I'll keep it off | 21:25 |
adom | (that was a weight loss joke) | 21:26 |
adom | (you're welcome) | 21:26 |
=== scottrigby_away is now known as scottrigby | ||
=== scottrigby is now known as scottrigby_away |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!