Mansoor
I've been doing lots of tests while trying to host two email domains on clearOS. The Attack Detector app (based on fail2ban) did not like that and decided to lock me out of the box.

I'd referred to the app's documentation and had found the following:
If this application is installed and the 'sshd' rule is enabled, repeated failed log-in attempts will block access with your public IP address. You will need to log in using a different public IP address and White List your blocked public IP address on the Intrusion Prevention app.


I did what the document says and whitelisted the IP on the Intrusion Prevention app, but that didn't lift the ban! I had to log in to SSH and issue the following command to unban the IP:

fail2ban-client set sshd unbanip 192.168.0.10

It seems the documentation is wrong in this part or I might be missing something here!
Thursday, January 11 2018, 07:33 PM
Responses (5)
  • Mansoor
    Thursday, February 08 2018, 03:54 PM
    Great! I checked the documentation and the misleading part is gone.

    As for whitelisting private IPs by default, I strongly stand against it, especially when clearOS is used in business or educational environments. I've witnessed many hacking attempts from within schools and companies. So, better to be safe than sorry.
  • Thursday, February 08 2018, 12:37 PM
    I have not yet filed a report, but I did raise the subject with the Devs on Tuesday under the guise of should all private IPs be whitelisted. This led on to a bigger discussion but may not cover what you want. Whitelisting private IPs becomes a philosophical discussion because the attacker could also be inside your LAN.

    I've recently got access to the documentation Wiki to write howto's. I'll see if it will let me correct app documentation as well.

    .... Big pause. I do have access and have corrected the documentation.
  • Mansoor
    Wednesday, February 07 2018, 05:00 PM
    Nick, did you file a bug report for this issue? I can do it if you don't have the time. I just need the link to the clearos' bugs tracker.

    Thank you.
  • Thursday, January 11 2018, 08:33 PM
    Looks like you're right. There is no webconfig option to whitelist IPs in fail2ban/app-attack-detector. It can be done by editing the ignoreip in /etc/fail2ban/jail.local (or /etc/fail2ban/jail.conf if you insist), but I'd still expect you to have to manually unban as you did. I'll file a bug when I get the energy.
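
The two steps discussed in this thread (add the address to ignoreip in /etc/fail2ban/jail.local, then lift the existing ban by hand), as a shell script. This is an added example, not part of any post here and not ClearOS or fail2ban project code; the script name f2b-allow.sh and the function names are hypothetical, and it assumes ignoreip is a single-line value.

```bash
#!/usr/bin/env bash
# Added example, not ClearOS or fail2ban project code.
# Assumption: ignoreip is a single-line, space- or comma-separated value.

# add_ignoreip FILE IP: add IP to ignoreip in FILE without duplicating it.
add_ignoreip() {
    local file="$1" ip="$2" tmp
    [ -f "$file" ] || : > "$file"
    tmp=$(mktemp) || return 1
    if grep -Eq '^[[:space:]]*ignoreip[[:space:]]*=' "$file"; then
        # Compare whole tokens so 192.168.0.1 is not mistaken for 192.168.0.10.
        awk -v ip="$ip" '
            /^[ \t]*ignoreip[ \t]*=/ {
                found = 0
                n = split($0, tok, /[=, \t]+/)
                for (i = 1; i <= n; i++) if (tok[i] == ip) found = 1
                if (!found) $0 = $0 " " ip
            }
            { print }' "$file" > "$tmp"
    elif grep -q '^\[DEFAULT\]' "$file"; then
        # Section exists but has no ignoreip: add one, keeping loopback ignored.
        awk -v ip="$ip" '{ print }
            /^\[DEFAULT\]/ { print "ignoreip = 127.0.0.1/8 " ip }' "$file" > "$tmp"
    else
        { printf '[DEFAULT]\nignoreip = 127.0.0.1/8 %s\n\n' "$ip"; cat "$file"; } > "$tmp"
    fi
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# lift_ban IP: as seen in this thread, whitelisting did not lift the ban that
# was already in place, so unban the address in every jail the server reports.
lift_ban() {
    local ip="$1" jail
    fail2ban-client status | sed -n 's/.*Jail list:[[:space:]]*//p' | tr ',' '\n' |
    while read -r jail; do
        if [ -n "$jail" ]; then
            fail2ban-client set "$jail" unbanip "$ip" || true
        fi
    done
}

# Usage (as root): ./f2b-allow.sh /etc/fail2ban/jail.local 192.168.0.10
if [ "$#" -eq 2 ]; then
    add_ignoreip "$1" "$2"
    fail2ban-client reload
    lift_ban "$2"
fi
```

Listing a single address rather than a whole private range keeps the rest of the LAN subject to bans, which matches the concern raised above about attackers inside the network.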