Forums

Resolved
0 votes
Just a titbit. Anyone like this? I am working on prettying up the time remaining on the ban. Also the delete button acts immediately without confirmation, which I am not sure about. The other thing I want to do is give an option to whitelist the LANs.
Attachments:
Friday, July 16 2021, 11:31 AM
Share this post:
Responses (14)
  • Accepted Answer

    Thursday, July 22 2021, 01:08 PM - #Permalink
    Resolved
    0 votes
    There is now another update to the Attack Detector app which adds an option to whitelist your LANs. This can be useful when, for example, setting up e-mail packages which often assume the full e-mail address is the username and you get banned when trying to set the user up. Or if you are doing some testing on your LAN.

    As before, you can upgrade with:
    rm -rf /var/cache/yum
    yum update app-attack-detector --enablerepo=clearos-updates-testing
    Note this will not be released next week as I'll be on holiday.

    If enabled, if you are in gateway mode, any LAN (so not HotLAN or DMZ) will be whitelisted as will any subnet covered by static routes using the EXTRALANS parameter in /etc/clearos/network.conf. If you are in standalone mode, it will whitelist all interfaces and anything covered by the EXTRALANS parameter in /etc/clearos/network.conf.
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, July 21 2021, 07:21 AM - #Permalink
    Resolved
    0 votes
    This was released to the Community last night.

    I am now working on the Whitelist LAN's feature. I have the UI display working but have to make it do something.
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, July 18 2021, 12:15 PM - #Permalink
    Resolved
    0 votes
    Okay, thanks for clarifying this.
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, July 18 2021, 11:04 AM - #Permalink
    Resolved
    0 votes
    The for our apps the workflow is clearos-updates-testing -> clearos-updates (which is a Community repo) -> clearos-verified (which is a paid repo). Paid users can always grab the packaged from the earlier repos if they want.

    Clearos-updates-testing is just a repo and there is no concept of a Community updates-testing repo and a Paid updates-testing repo.

    The workflow is not so good with packages in contribs as there is no separate repo for the paid users so releases here go to both Community and Paid at the same time.
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, July 18 2021, 10:41 AM - #Permalink
    Resolved
    0 votes
    I think we have a misunderstanding. My bad.

    I was convinced that the update you made only was available for community but the update is also available in the clearos-updates-testing repo on business. I guess the is the same repo as on community?

    I updated the attack-detector and tested the confirmation. Really nice Nick your a pro!
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, July 18 2021, 08:45 AM - #Permalink
    Resolved
    0 votes
    @Marcel, I don't understand what you are saying, Attack Detector worked anyway, but at the bottom of the screen there was just a log of the most recent bans (some of which may no longer be active). This log has been replaced with a list of all current bans and a button has been added to enable you to remove the ban.

    I've just released an update to testing with delete confirmation:
    rm -rf /var/cache/yum
    yum update app-attack-detector --enablerepo=clearos-updates-testing
    You should get version 2.3.11-1.
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, July 17 2021, 07:12 PM - #Permalink
    Resolved
    0 votes
    Noticed the update for Business. Appreciated! :)

    Opened port 22 for a couple of minutes. So I immediately had login attempts. It does it's work nicely. No problems to report. Nice.
    Attachments:
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, July 17 2021, 06:14 PM - #Permalink
    Resolved
    0 votes
    Okay, thanks for clarifying. I have to setup a VM on my Windows machine to test. Cool stuff.
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, July 17 2021, 06:05 PM - #Permalink
    Resolved
    0 votes
    Isn't is correct there, but I'll clarify.

    Some apps seem to have a delete confirmation dialog and others (e.g ibVPN) don't. Others like the DNS app does have a delete confirmation. I'll have to try to crib that code, but for the moment app-attack-detector does not have a delete confirmation dialog. I think it is more normal to have a delete dialog so I'll have to work on it.

    There is also an obscure bug in the app on testing that only a command line tinkerer would come across. I have a custom jail which blocks whole subnets and the subnet fails to sort correctly in IP order. It is a trivial fix and will not hold up me from releasing the app to the Community.

    If you are testing, you can add your own ban to a jail with:
    fail2ban-client set {jail-name} banip {ip_to_ban}
    It looks like I also have to tidy up on the Name/Rule headers as they are inconsistent. I'll probably call them both "Jail Name"

    And, as normal, it will go to the Community first then to Paid.
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, July 17 2021, 06:03 PM - #Permalink
    Resolved
    0 votes
    The is only a release for community?
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, July 17 2021, 05:48 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    There is no delete confirmation so deletes are immediate but there isn't a delete confirmation in some other apps.


    Isn't or is? is "isn't" a typo? The sentence sounds a bit strange this way.
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, July 17 2021, 02:42 PM - #Permalink
    Resolved
    0 votes
    I'm thinking of doing this in bits. In clearos-updates-testing there is a releasable package of what I've done so far. I have formatted the ban time remaining. There is no delete confirmation so deletes are immediate but there isn't a delete confirmation in some other apps.

    Next on the list may be whitelisting of the LANS, but if what I've done so fat is OK, I'll release it as it is.

    To update do:
    yum update app-attack-detector --enablerepo=clearos-updates-testing
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, July 17 2021, 12:59 PM - #Permalink
    Resolved
    0 votes
    Cool. Great job Nick
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, July 17 2021, 12:48 PM - #Permalink
    Resolved
    0 votes
    Cool Nick! The delete button and the timers are nice. You want to add a confirmation box? Indeed a good idea to warn users extra. Whitelisting LANs.. nice!

    <off topic>
    Sorry about the rant from last post. I know you are in a difficult situation and you can't solve the lake of communication.
    The reply is currently minimized Show
Your Reply