[04:07] <pvl1> ChinnoDog: haven't seen u in a long time. remember your name tho
[04:07] <pvl1> least im pretty sure
[12:02] <teddy-dbear> Morning peoples, dogs, turkeys and everything else
[13:22] <ChinnoDog> pvl1: seen me on IRC or "seen" me?
[13:30] <jedijf> paranoid much?
[13:54] <ChinnoDog> Stop stalking me jedijf
[13:56] <jedijf> turn around
[15:04] <bts3685> heh
[16:24] <bts3685> jedijf: jthan: pleia2: just registered #project.phree if you want to idle in there
[16:24] <bts3685> we can play the silent game
[19:16] <ChinnoDog> bts3685: What is that channel for?
[19:17] <KesjiBihcoh> prolly to idle
[19:17] <KesjiBihcoh> just like every other channel on any irc server is for
[19:17] <bts3685> heh. it's for the mesh network project
[19:18] <ChinnoDog> I am good at idling
[19:18] <pleia2> ChinnoDog: if you had gone to fosscon, you would know!
[19:20] <jedijf> pleia2++**^
[19:20] <jedijf> !
[19:20] <bts3685> pleia2++
[19:20] <jedijf> game-set-match
[19:20] <bts3685> guilt_tripping++
[19:20] <ChinnoDog> :-(
[19:21] <pleia2> well, you said you never learn anything at conferences :)
[19:21] <pleia2> but see, you would have!
[19:22] <ChinnoDog> I guess
[19:22] <jedijf> ChinnoDog: we jest - we missed you
[19:23] <pleia2> +1
[19:23] <ChinnoDog> ok. Maybe next time.
[19:23] <jedijf> our luck, next time you won't learn anything
[19:24] <ChinnoDog> Don't let it be too boring and everything will be ok.
[19:25] <jedijf> ChinnoDog: actually i think you would have liked the vr demo - everyone looked like they were having a good time with the helmet on
[19:25] <jedijf> at least it looked that way
[19:25] <jedijf> and there were tee shirts
[19:25] <jedijf> and demon ears
[19:25] <jedijf> and tattoos
[19:28] <MutantTurkey> anyone here worked with fail2ban?
[19:28] <jthan> We've all used it
[19:28] <MutantTurkey> I am properly catching and fail2ban thinks it's banning the IPs, but then iptables doesn't appear to actually block them
[19:29] <jthan> thinks?
[19:29] <MutantTurkey> or at least from what I can tell from iptables -L http://paste.kde.org/p87b7dbf1/
[19:29] <MutantTurkey> yes, [ssh-iptables] Ban 129.25.15.183
[19:29] <MutantTurkey> yet I can still login from that IP (it was my laptop)
[19:29] <MutantTurkey> so it thinks it's blocked, but isn't actually
[19:29] <bts3685> MutantTurkey: did you iptables -L -n
[19:29] <bts3685> err
[19:30] <bts3685> iptables -L -n | grep 129.25.15.183
[19:30] <bts3685> it might have also expired the ban depending on how long you have the expire set to
[19:30] <jedijf> time limit
[19:30] <MutantTurkey> http://paste.kde.org/p34c2820f/
[19:30] <MutantTurkey> no it's still banned
[19:31] <MutantTurkey> weird..... all 0.0.0.0/0 ?
[19:31] <bts3685> that's ACCEPT chain
[19:31] <MutantTurkey> right?
[19:31] <bts3685> except for the last rule in INPUT
[19:32] <MutantTurkey> on like 8?
[19:32] <bts3685> what server are you hitting?
[19:32] <MutantTurkey> ? what do you mean
[19:32] <MutantTurkey> it's a server at my work
[19:32] <bts3685> on which server are you attempting to configure fail2ban
[19:33] <jthan> MutantTurkey: Did you set it up to save these bans somewhere and reinitiate them on reboot?
[19:33] <MutantTurkey> the specific address? 129.25.59.125
[19:33] <MutantTurkey> jthan: no, but we don't really reboot often
[19:34] <MutantTurkey> jthan: i am really just starting to get it up and working, haven't even looked into that
[19:34] <bts3685> MutantTurkey: k, do: watch "iptables -L -n | grep 71.230.176.221" and let me know if/when it pops up
[19:35] <MutantTurkey> yeah I am watching my log messages
[19:35] <MutantTurkey> except it's not catching you...
[19:35] <MutantTurkey> weird... i wonder if my regex is kinda crappy still
[19:35] <MutantTurkey> bts3685: it should have caught you after like 3 tries
[19:35] <bts3685> shonuff. show me your regex. there should be a default rule that ships for iptables-ssh
[19:36] <MutantTurkey> right, seems like opensuse configuration sucks by default.
[19:36] <bts3685> .... you're using opensuse?
[19:36] <bts3685> that's your problem right there
[19:36] <MutantTurkey> give me a break, i don't get to pick
[19:36] <MutantTurkey> i _know_
[19:36] <MutantTurkey> it is the worst
[19:36] <MutantTurkey> there is nothing good about it
[19:37] <MutantTurkey> but my boss doesn't want to upgrade numerous servers
[19:37] <bts3685> but joking aside, did you restart the daemon?
[19:37] <MutantTurkey> just did
[19:37] <MutantTurkey> http://paste.kde.org/p7b78bc1a/
[19:37] <MutantTurkey> those are my regexes
[19:38] <MutantTurkey> ah looks like it banned you.
[19:38] <MutantTurkey> bts3685: ok looks like you got banned.
[19:38] <MutantTurkey> "banned"
[19:39] <jthan> MutantTurkey: does the daemon have the rights to actually modify ipt?
[19:39] <bts3685> 'cept i didn't
[19:39] <bts3685> http://pastebin.com/SQxKvU1Y is the default filter for sshd
[19:39] <MutantTurkey> jthan: not sure... does it need a certain group or something?
[19:39] <bts3685> bts@maqabi /opt/dev/phree $ date;ssh root@129.25.59.125
[19:39] <bts3685> Wed Aug 14 15:39:43 EDT 2013
[19:39] <bts3685> Password:
[19:39] <bts3685> Password:
[19:40] <MutantTurkey> yep.
[19:40] <bts3685> Received disconnect from 129.25.59.125: 2: Too many authentication failures for root
[19:40] <bts3685> so, yeah. seems it's not actually applying the rule. check your action.d entry that matches
[19:41] <jedijf> and set no root
[19:41] <bts3685> and yeah, it needs to execute as root to actually apply the rule, but i don't see why that would be changed unless you installed it from source or something
[19:41] <MutantTurkey> jedijf: I can't.
[19:41] <MutantTurkey> also bullshit, but yeah I can't
[19:41] <jedijf> i didn't even try root assuming it was set to no
[19:41] <MutantTurkey> i've told them about 500 times, and done it a few, and torn down their excuses over and over again
[19:41] <MutantTurkey> but like I said... they lose everything, i've got it in writing that I told em.
[19:42] <jedijf> i would change 22 too, but whatevs
[19:42] <jthan> Real men use 22
[19:42] <jedijf> that's why i hang with pleia2
[19:42] <jthan> She uses 22, I bet
[19:42] <pleia2> I don't believe in security by obscurity
[19:43] <jthan> Told you.
[19:43] <bts3685> jthan: real men use portknock with a 2+ sequence :P
[19:43] <MutantTurkey> hmmm looks like they can't even use version control properly...
[19:43] <MutantTurkey> "iptables.conf, iptables-new.conf"
[19:43] <MutantTurkey> sigh
[19:43] <MutantTurkey> from opensuse.
[19:44] <bts3685> jthan: it doesn't *hurt* though. relying on a different port shouldn't be the only security for ssh, but it certainly doesn't hurt and cuts down on the skid attempts
[19:44] <jthan> bts3685: you go home.
[19:44] <jedijf> sysadmins like having reading full logs
[19:44] <bts3685> jthan: i *am* home
[19:44] <bts3685> telecommute, bitches
[19:44] <MutantTurkey> jthan: fail2ban is running as root.
[19:44] <jedijf> having/reading
[19:45] <jedijf> oh look, here comes china, it must be tea time
[19:48] <jthan> MutantTurkey: wait, did you say you don't have root?
[19:48] <MutantTurkey> I do.
[19:48] <jthan> oh.
[19:48] <MutantTurkey> I cannot disable root ssh access though
[19:48] <MutantTurkey> ah... iptables is not running?
[19:48] <MutantTurkey> is there an iptables daemon?
[19:49] <bts3685> not per se
[19:49] <MutantTurkey> didn't think so
[19:49] <bts3685> but there is an init script that manages static rules
[19:49] <bts3685> i think. i haven't touched opensuse in about 7 years now, so i have no idea what the hell they use these days
[19:50] <MutantTurkey> they do have another firewall, but we aren't using it
[19:50] <bts3685> you should honestly just set up shorewall and use that
[19:50] <bts3685> especially since it has built-in rate-limiting
[19:50] <MutantTurkey> 'just setup' doesn't exist on opensuse
[19:51] <bts3685> "The standard RPM package from shorewall.net and the mirrors is known to work with SUSE™...." http://www.shorewall.net/Install.htm
[19:52] <bts3685> http://rpm.pbone.net/index.php3?stat=3&search=shorewall&srodzaj=3
[19:52] <MutantTurkey> sure, and my fail2ban package was from the repositories
[20:38] <MutantTurkey> hmm I can manually execute all the commands
[20:40] <bts3685> then check the path for the iptables binary
[20:40] <bts3685> try giving it the full path to iptables
[20:41] <MutantTurkey> just went into debug mode...
[20:41] <MutantTurkey> DEBUG  iptables -n -L INPUT | grep -q fail2ban-SSH returned successfully
[20:42] <MutantTurkey> but I never see my drop action getting called.
[20:42] <MutantTurkey> actionBan
[20:43] <bts3685> i'm going to quote a man i take great inspiration from, my boss:
[20:43] <bts3685> "try harder."
[20:43] <MutantTurkey> yep
[20:53] <MutantTurkey> yeah looks like it's not getting called
[20:58] <MutantTurkey> weirdest fix EVER
[20:59] <MutantTurkey> https://github.com/fail2ban/fail2ban/commit/0935566
[21:25] <adom> whoa, i think i had two irssi sessions open in two different screen sessions without noticing it
[21:25] <adom> wait, no. my nick would've changed.
[21:25]  * adom shrugs.
[21:25] <adom> down to one now
[21:25] <adom> and this time, i'll keep it off
[21:26] <adom> (that was a weight loss joke)
[21:26] <adom> (you're welcome)