how to install fail2ban on a WL700g

[medsource]

i got it installed, basically it works with python 2.4 too,
at least it showed me the configuration settings with using

Code:

$ fail2ban-client -d

but i didn't get it working, during the configuration phase
i had to do some reboots of my Wl700g and somehow i
managed to brick my asus. first it got crazy with constantly
rebooting and after resetting the device all configuration of
my shares was lost.

will see if i can retrieve my config somehow

brgds

What errors appeared in your syslog? what logging level were you using? did the same thing happen when installing / running under python2.5? Did you modify the jail.conf before running in non-debug mode?

[tiwag]

hi medsource

got everything on my router working again

my problem wasn't related to the configuration of fail2ban,
now i know, that since i had edited the root user's homepath,
then my WL700g got crazy on reboot.

now i want to work further on getting fail2ban to work.

my problem is, how can i get dropbear and vsftp to write their
log entries into a logfile, which can be read by fail2ban ?

any solution which wouldn't disable the standard syslog provided
by syslogd, and access with logread command would be preferred.
i tried using syslog-ng which basically works, but syslogd and klogd
have to be disabled if syslog-ng shall be used.

medsource, how did you manage this issue ?

thanks && brgds

[medsource]

hi medsource

got everything on my router working again

my problem wasn't related to the configuration of fail2ban,
now i know, that since i had edited the root user's homepath,
then my WL700g got crazy on reboot.

now i want to work further on getting fail2ban to work.

my problem is, how can i get dropbear and vsftp to write their
log entries into a logfile, which can be read by fail2ban ?

any solution which wouldn't disable the standard syslog provided
by syslogd, and access with logread command would be preferred.
i tried using syslog-ng which basically works, but syslogd and klogd
have to be disabled if syslog-ng shall be used.

medsource, how did you manage this issue ?

thanks && brgds

I changed, in the vsftpd.conf file, the location and method of the logging. I set it (if memory serves correct) to /var/tmp/log and called it ftp.log (I think). I then set a cron job to run a script to check the size of the log and purge it if it got too big (I think it was set to 200kb).

I too would have loved fail2ban to just peruse the syslog, but I never found a way to do that. Anyway, using a true log file (on the ramdisk so spindown is preserved) works.

[tiwag]

any other one, who has some other ideas

(maybe with tested and working scriptfiles
and precise instructions, what has to be changed where,
instead of "maybe could be working when my brain remembers correctly" )


sorry medsource, but you are way too unspecific !
therefore of no great help.

brgds

[medsource]

any other one, who has some other ideas

(maybe with tested and working scriptfiles
and precise instructions, what has to be changed where,
instead of "maybe could be working when my brain remembers correctly" )


sorry medsource, but you are way too unspecific !
therefore of no great help.

brgds

<rant>

Well, that lovely public bash really makes me want to check my config files and cron scripts WHEN I GET HOME TO WHERE MY WL-700GE IS to help you out.

Maybe you should learn to ask politely and not behave like a complete ass. Methinks your results might be better.

</rant>

[tiwag]

<rant>

Well, that lovely public bash really makes me want to check my config files and cron scripts WHEN I GET HOME TO WHERE MY WL-700GE IS to help you out.

Maybe you should learn to ask politely and not behave like a complete ass. Methinks your results might be better.

</rant>

looking politely forward ...

just a small reminder to what i requested a few times already ...

thanks medsource,

you could post your modified fail2ban files package here,
then we wouldn't need to investigate the same issues ever and ever again.

brgds

--
tiwag

anyhow, i made some progress in the meanwhile

i got syslog-ng working, which produces nice logfiles, which can be read by fail2ban.
at the moment i'm working to find out, which are the least common settings for syslog-ng,
in order to produce a /opt/var/log/auth.log where dropbear and vsftp logins are collected,
and all the other necessary stuff goes to /opt/var/log/syslog
and all the unnecessary stuff is silently dropped.

brgds

[medsource]

i got syslog-ng working, which produces nice logfiles, which can be read by fail2ban.
at the moment i'm working to find out, which are the least common settings for syslog-ng,
in order to produce a /opt/var/log/auth.log where dropbear and vsftp logins are collected,
and all the other necessary stuff goes to /opt/var/log/syslog
and all the unnecessary stuff is silently dropped.

brgds

You might run into a problem with that log location for two reasons...

1) Unless /opt/var/log is cramfs (need to check the mount point for that) then everytime you experience an attack this data will get written to the drive and will negate spindown on the HD (granted if you are not using spindown then this is not an issue).

2) Make sure you set a size limit for the log files (syslog-ng SHOULD be able to do this; but I have never used it so I can't say for sure) else the log files (at least vsftpd) will get large over time (speed of increase in size depending on how heavy you are getting hit or how often you use ftp).