=== scottrigby_away is now known as scottrigby
=== scottrigby is now known as scottrigby_away
=== jthan_ is now known as jthan
[04:07] ChinnoDog: haven't seen u in a long time. remember your name tho
[04:07] least I'm pretty sure
=== bts3685 is now known as btsSHUTTHEHELLUP
=== btsSHUTTHEHELLUP is now known as bts3685
[12:02] Morning peoples, dogs, turkeys and everything else
[13:22] pvl1: seen me on IRC or "seen" me?
[13:30] paranoid much?
[13:54] Stop stalking me jedijf
[13:56] turn around
[15:04] heh
=== scottrigby_away is now known as scottrigby
=== scottrigby is now known as scottrigby_away
=== scottrigby_away is now known as scottrigby
=== scottrigby is now known as scottrigby_away
=== scottrigby_away is now known as scottrigby
[16:24] jedijf: jthan: pleia2: just registered #project.phree if you want to idle in there
[16:24] we can play the silent game
=== hochiBijseK is now known as KesjiBihcoh
[19:16] bts3685: What is that channel for?
[19:17] prolly to idle
[19:17] just like every other channel on any irc server is for
[19:17] heh. it's for the mesh network project
[19:18] I am good at idling
[19:18] ChinnoDog: if you had gone to fosscon, you would know!
[19:20] pleia2++**^
[19:20] !
[19:20] pleia2++
[19:20] game-set-match
[19:20] guilt_tripping++
[19:20] :-(
[19:21] well, you said you never learn anything at conferences :)
[19:21] but see, you would have!
[19:22] I guess
[19:22] ChinnoDog: we jest - we missed you
[19:23] +1
[19:23] ok. Maybe next time.
[19:23] our luck, next time you won't learn anything
[19:24] Don't let it be too boring and everything will be ok.
[19:25] ChinnoDog: actually i think you would have liked the vr demo - everyone looked like they were having a good time with the helmet on
[19:25] at least it looked that way
[19:25] and there were tee shirts
[19:25] and demon ears
[19:25] and tattoos
[19:28] anyone here worked with fail2ban?
[19:28] We've all used it
[19:28] I am properly catching and fail2ban thinks it's banning the IPs, but then iptables doesn't appear to actually block them
[19:29] thinks?
[19:29] or at least from what I can tell from iptables -L http://paste.kde.org/p87b7dbf1/
[19:29] yes, [ssh-iptables] Ban 129.25.15.183
[19:29] yet I can still login from that IP (it was my laptop)
[19:29] so it thinks it's blocked, but isn't actually
[19:29] MutantTurkey: did you iptables -L -n
[19:29] err
[19:30] iptables -L -n | grep 129.25.15.183
[19:30] it might have also expired the ban depending on how long you have the expire set to
[19:30] time limit
[19:30] http://paste.kde.org/p34c2820f/
[19:30] no it's still banned
[19:31] weird..... all 0.0.0.0/0 ?
[19:31] that's ACCEPT chain
[19:31] right?
[19:31] except for the last rule in INPUT
[19:32] on line 8?
[19:32] what server are you hitting?
[19:32] ? what do you mean
[19:32] it's a server at my work
[19:32] on which server are you attempting to configure fail2ban
[19:33] MutantTurkey: Did you set it up to save these bans somewhere and reinitiate them on reboot?
[19:33] the specific address? 129.25.59.125
[19:33] jthan: no, but we don't really reboot often
[19:34] jthan: i am really just starting to get it up and working, haven't even looked into that
[19:34] MutantTurkey: k, do: watch "iptables -L -n | grep 71.230.176.221" and let me know if/when it pops up
[19:35] yeah I am watching my log messages
[19:35] except it's not catching you...
[19:35] weird... i wonder if my regex is kinda crappy still
[19:35] bts3685: it should have caught you after like 3 tries
[19:35] shonuff. show me your regex. there should be a default rule that ships for iptables-ssh
[19:36] right, seems like opensuse configuration sucks by default.
[19:36] .... you're using opensuse?
[19:36] that's your problem right there
[19:36] give me a break, i don't get to pick
[19:36] i _know_
[19:36] it is the worst
[19:36] there is nothing good about it
[19:37] but my boss doesn't want to upgrade numerous servers
[19:37] but joking aside, did you restart the daemon?
[19:37] just did
[19:37] http://paste.kde.org/p7b78bc1a/
[19:37] those are my regexes
[19:38] ah looks like it banned you.
[19:38] bts3685: ok looks like you got banned.
[19:38] "banned"
[19:39] MutantTurkey: does the daemon have the rights to actually modify ipt?
[19:39] 'cept i didn't
[19:39] http://pastebin.com/SQxKvU1Y is the default filter for sshd
[19:39] jthan: not sure... does it need a certain group or something?
[19:39] bts@maqabi /opt/dev/phree $ date;ssh root@129.25.59.125
[19:39] Wed Aug 14 15:39:43 EDT 2013
[19:39] Password:
[19:39] Password:
[19:40] yep.
[19:40] Received disconnect from 129.25.59.125: 2: Too many authentication failures for root
[19:40] so, yeah. seems it's not actually applying the rule. check your action.d entry that matches
[19:41] and set no root
[19:41] and yeah, it needs to execute as root to actually apply the rule, but i don't see why that would be changed unless you installed it from source or something
[19:41] jedijf: I can't.
[19:41] also bullshit, but yeah I can't
[19:41] i didn't even try root assuming it was set to no
[19:41] i've told them about 500 times, and done it a few, and torn down their excuses over and over again
[19:41] but like I said... they lose everything, i've got it in writing that I told em.
[19:42] i would change 22 too, but whatevs
[19:42] Real men use 22
[19:42] that's why i hang with pleia2
[19:42] She uses 22, I bet
[19:42] I don't believe in security by obscurity
[19:43] Told you.
[19:43] jthan: real men use portknock with a 2+ sequence :P
[19:43] hmmm looks like they can't even use version control properly...
[19:43] "iptables.conf, iptables-new.conf"
[19:43] sigh
[19:43] from opensuse.
[19:44] jthan: it doesn't *hurt* though. relying on a different port shouldn't be the only security for ssh, but it certainly doesn't hurt and cuts down on the skid attempts
[19:44] bts3685: you go home.
[19:44] sysadmins like having reading full logs
[19:44] jthan: i *am* home
[19:44] telecommute, bitches
[19:44] jthan: fail2ban is running as root.
[19:44] having/reading
[19:45] oh look, here comes china, it must be tea time
[19:48] MutantTurkey: wait, did you say you don't have root?
[19:48] I do.
[19:48] oh.
[19:48] I cannot disable root ssh access though
[19:48] ah... iptables is not running?
[19:48] is there an iptables daemon?
[19:49] not per se
[19:49] didn't think so
[19:49] but there is an init script that manages static rules
[19:49] i think. i haven't touched opensuse in about 7 years now, so i have no idea what the hell they use these days
[19:50] they do have another firewall, but we aren't using it
[19:50] you should honestly just set up shorewall and use that
[19:50] especially since it has built-in rate-limiting
[19:50] 'just setup' doesn't exist on opensuse
[19:51] "The standard RPM package from shorewall.net and the mirrors is known to work with SUSE™...." http://www.shorewall.net/Install.htm
[19:52] http://rpm.pbone.net/index.php3?stat=3&search=shorewall&srodzaj=3
[19:52] sure, and my fail2ban package was from the repositories
=== scottrigby is now known as scottrigby_away
=== scottrigby_away is now known as scottrigby
[20:38] hmm I can manually execute all the commands
[20:40] then check the path for the iptables binary
[20:40] try giving it the full path to iptables
[20:41] just went into debug mode...
[20:41] DEBUG iptables -n -L INPUT | grep -q fail2ban-SSH returned successfully
[20:42] but I never see my drop action getting called.
[20:42] actionBan
[20:43] i'm going to quote a man i take great inspiration from, my boss:
[20:43] "try harder."
[20:43] yep
[20:53] yeah looks like it's not getting called
[20:58] weirdest fix EVER
[20:59] https://github.com/fail2ban/fail2ban/commit/0935566
=== scottrigby is now known as scottrigby_away
[21:25] whoa, i think i had two irssi sessions open in two different screen sessions without noticing it
[21:25] wait, no. my nick would've changed.
[21:25] * adom shrugs.
[21:25] down to one now
[21:25] and this time, i'll keep it off
[21:26] (that was a weight loss joke)
[21:26] (you're welcome)
=== scottrigby_away is now known as scottrigby
=== scottrigby is now known as scottrigby_away