Resolved
0 votes
Just a titbit. Anyone like this? I am working on prettying up the time remaining on the ban. Also the delete button acts immediately without confirmation, which I am not sure about. The other thing I want to do is give an option to whitelist the LANs.
Friday, July 16 2021, 11:31 AM
Responses (15)
  • Accepted Answer

    Sunday, August 08 2021, 02:46 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    There is now another update to the Attack Detector app which adds an option to whitelist your LANs. This can be useful when, for example, setting up e-mail packages which often assume the full e-mail address is the username and you get banned when trying to set the user up. Or if you are doing some testing on your LAN.

    As before, you can upgrade with:
    rm -rf /var/cache/yum
    yum update app-attack-detector --enablerepo=clearos-updates-testing
    Note this will not be released next week as I'll be on holiday.

    If enabled, if you are in gateway mode, any LAN (so not HotLAN or DMZ) will be whitelisted as will any subnet covered by static routes using the EXTRALANS parameter in /etc/clearos/network.conf. If you are in standalone mode, it will whitelist all interfaces and anything covered by the EXTRALANS parameter in /etc/clearos/network.conf.


    Nice addon. I've installed the update and will monitor it.
  • Accepted Answer

    Thursday, July 22 2021, 01:08 PM - #Permalink
    Resolved
    0 votes
    There is now another update to the Attack Detector app which adds an option to whitelist your LANs. This can be useful when, for example, setting up e-mail packages which often assume the full e-mail address is the username and you get banned when trying to set the user up. Or if you are doing some testing on your LAN.

    As before, you can upgrade with:
    rm -rf /var/cache/yum
    yum update app-attack-detector --enablerepo=clearos-updates-testing
    Note this will not be released next week as I'll be on holiday.

    If enabled, if you are in gateway mode, any LAN (so not HotLAN or DMZ) will be whitelisted as will any subnet covered by static routes using the EXTRALANS parameter in /etc/clearos/network.conf. If you are in standalone mode, it will whitelist all interfaces and anything covered by the EXTRALANS parameter in /etc/clearos/network.conf.
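
The whitelist rule described in the post above, sketched as an added example that is not part of the original post and not taken from app-attack-detector's code. It computes which subnets would be whitelisted and checks whether a given address would then escape bans. The MODE and LANIF keys, the file syntax and all addresses are assumptions constructed for illustration; only EXTRALANS and the file path come from the post.

```python
import ipaddress

# Constructed sample of /etc/clearos/network.conf. EXTRALANS is named in the
# post; the MODE and LANIF keys and their values are assumptions.
SAMPLE_CONF = '''
MODE="gateway"
LANIF="eth1"
EXTRALANS="10.8.0.0/24 172.16.50.0/24"
'''

# Constructed interface addresses and roles (read these from the live system).
SAMPLE_IFACES = {
    "eth0": "203.0.113.10/24",   # external
    "eth1": "192.168.1.1/24",    # LAN
    "eth2": "192.168.2.1/24",    # HotLAN
    "eth3": "192.168.3.1/24",    # DMZ
}


def parse_conf(text):
    """Parse shell-style KEY="value" lines into a dict."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            conf[key.strip()] = value.strip().strip("\"'")
    return conf


def whitelist_networks(conf, ifaces):
    """Subnets that would be whitelisted under the rule the post describes."""
    if conf.get("MODE") == "gateway":
        names = conf.get("LANIF", "").split()   # LAN role only, not HotLAN/DMZ
    else:
        names = list(ifaces)                    # standalone: every interface
    nets = {ipaddress.ip_interface(ifaces[n]).network for n in names if n in ifaces}
    nets |= {ipaddress.ip_network(c, strict=False)
             for c in conf.get("EXTRALANS", "").split()}
    return sorted(nets, key=lambda n: (n.version, int(n.network_address), n.prefixlen))


def is_whitelisted(target, nets):
    """True if an IP or subnet lies wholly inside a whitelisted network."""
    t = ipaddress.ip_network(target, strict=False)
    return any(t.version == n.version and t.subnet_of(n) for n in nets)


if __name__ == "__main__":
    nets = whitelist_networks(parse_conf(SAMPLE_CONF), SAMPLE_IFACES)
    for ip in ("192.168.1.50", "192.168.2.7", "10.8.0.9", "203.0.113.77"):
        print(ip, "whitelisted" if is_whitelisted(ip, nets) else "still subject to bans")
```

With the standalone rule every interface's subnet is covered, so in this sample the subnet of the Internet-facing interface would be exempt from bans as well, which is worth checking before enabling the option on a standalone box.
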
  • Accepted Answer

    Wednesday, July 21 2021, 07:21 AM - #Permalink
    Resolved
    0 votes
    This was released to the Community last night.

    I am now working on the Whitelist LANs feature. I have the UI display working but have to make it do something.
  • Accepted Answer

    Sunday, July 18 2021, 12:15 PM - #Permalink
    Resolved
    0 votes
    Okay, thanks for clarifying this.
  • Accepted Answer

    Sunday, July 18 2021, 11:04 AM - #Permalink
    Resolved
    0 votes
    For our apps the workflow is clearos-updates-testing -> clearos-updates (which is a Community repo) -> clearos-verified (which is a paid repo). Paid users can always grab the packages from the earlier repos if they want.

    Clearos-updates-testing is just a repo and there is no concept of a Community updates-testing repo and a Paid updates-testing repo.

    The workflow is not so good with packages in contribs as there is no separate repo for the paid users so releases here go to both Community and Paid at the same time.
  • Accepted Answer

    Sunday, July 18 2021, 10:41 AM - #Permalink
    Resolved
    0 votes
    I think we have a misunderstanding. My bad.

    I was convinced that the update you made was only available for community, but the update is also available in the clearos-updates-testing repo on business. I guess this is the same repo as on community?

    I updated the attack-detector and tested the confirmation. Really nice Nick, you're a pro!
  • Accepted Answer

    Sunday, July 18 2021, 08:45 AM - #Permalink
    Resolved
    0 votes
    @Marcel, I don't understand what you are saying. Attack Detector worked anyway, but at the bottom of the screen there was just a log of the most recent bans (some of which may no longer be active). This log has been replaced with a list of all current bans and a button has been added to enable you to remove the ban.

    I've just released an update to testing with delete confirmation:
    rm -rf /var/cache/yum
    yum update app-attack-detector --enablerepo=clearos-updates-testing
    You should get version 2.3.11-1.
  • Accepted Answer

    Saturday, July 17 2021, 07:12 PM - #Permalink
    Resolved
    0 votes
    Noticed the update for Business. Appreciated! :)

    Opened port 22 for a couple of minutes. So I immediately had login attempts. It does its work nicely. No problems to report. Nice.
  • Accepted Answer

    Saturday, July 17 2021, 06:14 PM - #Permalink
    Resolved
    0 votes
    Okay, thanks for clarifying. I have to set up a VM on my Windows machine to test. Cool stuff.
  • Accepted Answer

    Saturday, July 17 2021, 06:05 PM - #Permalink
    Resolved
    0 votes
    "Isn't" is correct there, but I'll clarify.

    Some apps seem to have a delete confirmation dialog and others (e.g. ibVPN) don't. Others like the DNS app do have a delete confirmation. I'll have to try to crib that code, but for the moment app-attack-detector does not have a delete confirmation dialog. I think it is more normal to have a delete dialog so I'll have to work on it.

    There is also an obscure bug in the app on testing that only a command line tinkerer would come across. I have a custom jail which blocks whole subnets and the subnet fails to sort correctly in IP order. It is a trivial fix and will not hold me up from releasing the app to the Community.

    If you are testing, you can add your own ban to a jail with:
    fail2ban-client set {jail-name} banip {ip_to_ban}
    It looks like I also have to tidy up the Name/Rule headers as they are inconsistent. I'll probably call them both "Jail Name".

    And, as normal, it will go to the Community first then to Paid.
  • Accepted Answer

    Saturday, July 17 2021, 06:03 PM - #Permalink
    Resolved
    0 votes
    This is only a release for community?
  • Accepted Answer

    Saturday, July 17 2021, 05:48 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    There is no delete confirmation so deletes are immediate but there isn't a delete confirmation in some other apps.


    Isn't or is? Is "isn't" a typo? The sentence sounds a bit strange this way.
  • Accepted Answer

    Saturday, July 17 2021, 02:42 PM - #Permalink
    Resolved
    0 votes
    I'm thinking of doing this in bits. In clearos-updates-testing there is a releasable package of what I've done so far. I have formatted the ban time remaining. There is no delete confirmation so deletes are immediate but there isn't a delete confirmation in some other apps.

    Next on the list may be whitelisting of the LANs, but if what I've done so far is OK, I'll release it as it is.

    To update do:
    yum update app-attack-detector --enablerepo=clearos-updates-testing
  • Accepted Answer

    Saturday, July 17 2021, 12:59 PM - #Permalink
    Resolved
    0 votes
    Cool. Great job Nick
  • Accepted Answer

    Saturday, July 17 2021, 12:48 PM - #Permalink
    Resolved
    0 votes
    Cool Nick! The delete button and the timers are nice. You want to add a confirmation box? Indeed a good idea to warn users extra. Whitelisting LANs.. nice!

    <off topic>
    Sorry about the rant from last post. I know you are in a difficult situation and you can't solve the lack of communication.