Devin Johnson wrote:
The ClearFoundation & ClearCenter are pleased to announce a great new addition to the ClearOS Marketplace. Introducing: Attack Detector.

The Attack Detector app scans your system for authentication failures across various types of services installed on your system. If the failure threshold is reached, the app will block the attacking system. For example, it is a common tactic for spammers to guess a valid username/password combination for sending unsolicited outbound mail. The Attack Detector detects the failed login attempts and actively blocks the spammer.

Multiple apps in Marketplace will provide rule sets for the Attack Detector app, such as the SSH Server app, FTP Server app and more. This app will function as a standalone app; however, it may also be combined with the Intrusion Detection System & Intrusion Prevention System apps to provide maximum protection against attacks.


https://www.clearos.com/images/Attack_Detector.png

Sunday, March 27 2016, 11:52 AM
Responses (14)
  • Monday, June 27 2016, 11:20 PM
    Hi Peter,
    I posted my issue in https://www.clearos.com/clearfoundation/social/community/app-attack-detector-no-rules-clearos-7-2 and replied to your advice in that post with the issues I am having, since this is marked as resolved and my issue is not resolved.
  • Monday, June 27 2016, 07:03 PM
    Thanks for the info. I'll have to investigate sometime. I'm still on 6.x and use vanilla f2b (with my own crafting of some filters and jails).
  • Monday, June 27 2016, 06:54 PM
    Hi Loren and Nick,

    The fail2ban filter definitions are indeed in /etc/fail2ban/jail.d, however, it is the related app that pulls in those definitions. For example, the /etc/fail2ban/jail.d/clearos-postfix-sasl.conf configlet that detects SMTP authentication failures is part of the SMTP Server app. You won't see that fail2ban filter in the ClearOS web interface unless the SMTP Server app is installed.

    But here's a bit of a head scratcher -- you should at least see a couple of SSH related fail2ban filters. The SSH Server app is installed by default and the latest version of that app includes a couple of fail2ban configlets.
  • Monday, June 27 2016, 05:22 PM
    If it is anything like a standard fail2ban, my /etc/fail2ban/jail.d is empty as well. Configuration is normally done through changing /etc/fail2ban/jail.local if ClearOS has been good or /etc/fail2ban/jail.conf if not. Similarly, the filters and actions are in /etc/fail2ban/filter.d/ and /etc/fail2ban/action.d/. The filters and actions conventionally follow the jail names. The jails themselves end up as iptables chains.
  • Monday, June 27 2016, 03:29 PM
    Hi, I installed on Home 7.2 but it is an upgraded system from 7.1, not a clean install. Attack Detector app version 2.2.4-1, and it is not showing any rules in the web GUI, so I sshed into my ClearOS and checked /etc/fail2ban/jail.d/ with ls -lsa, and the only thing showing is 00-firewalld.conf. Is there a way to manually install rules? I have tried removing and reinstalling the app through the Marketplace and it is still showing the same, so I removed it again and tried installing via yum install fail2ban --enablerepo=clearos-centos,clearos-epel,clearos-centos-updates then yum --enablerepo=clearos-centos,clearos-epel,clearos-centos-updates,clearos-updates-testing install app-attack-detector, and it is still showing only 00-firewalld.conf in jail.d. Anyone got any ideas on how to fix this issue?
  • Friday, April 22 2016, 08:02 AM
    You can always use fail2ban directly (from clearos-epel), but it needs manually configuring, which is not too hard.
  • Friday, April 22 2016, 04:38 AM
    Is this only for 7.X?

    Still running good ol' 6.X and would like to give it a go.

    Thanks!

    John
  • Saturday, April 16 2016, 05:32 AM
    Moved general/watercooler --> general/attack detector.
  • Wednesday, April 13 2016, 05:32 PM
    Hi,
    I had already had Fail2ban installed a long time ago. The Attack Detector app installed with no problem on 7.2 Home. All is working correctly except one thing: in the log, I've a lot of banned IPs exceeding my ban limit (86400s = one day). After looking in the code of this app, it seems that the IPs shown in the log are grepped from fail2ban.log only for the word 'BAN', so the unbanned IPs are not deleted.
    I know it's only 'cosmetic', as fail2ban is working correctly; it unbans those IPs after the limit.
    ClearOS, please continue your excellent work.

    Sorry for my English (I'm French and a long-time user of your distribution (I think I began with COS 3; it was a long time ago ;-)).
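The mismatch described in the post above, shown as an added example (this is not the Attack Detector app's own code): matching lines on the word 'ban' alone also catches fail2ban's "Unban" messages, whereas replaying Ban/Unban events in order yields only the bans still in force. The log lines and 192.0.2.x addresses are constructed for the example.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the fail2ban 0.9 log layout; addresses are from the
# documentation range 192.0.2.0/24, not real hosts.
SAMPLE_LOG = """\
2016-04-13 10:22:31,101 fail2ban.actions        [1234]: NOTICE  [sshd] Ban 192.0.2.10
2016-04-13 10:25:02,455 fail2ban.actions        [1234]: NOTICE  [postfix-sasl] Ban 192.0.2.20
2016-04-14 10:22:31,330 fail2ban.actions        [1234]: NOTICE  [sshd] Unban 192.0.2.10
2016-04-14 11:00:00,000 fail2ban.actions        [1234]: NOTICE  [sshd] Ban 192.0.2.30
2016-04-14 11:05:00,000 fail2ban.actions        [1234]: NOTICE  [sshd] Ban 192.0.2.10
"""

# Timestamp, jail name, the action word and the address of a ban event.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+ .*?"
    r"\[(?P<jail>[^\]]+)\] (?P<action>Ban|Unban) (?P<ip>\S+)$"
)


def naive_grep(log_text: str) -> List[str]:
    """Mimic a case-insensitive grep for 'BAN': 'Unban' lines match too, so an
    address is listed again at the very moment fail2ban releases it."""
    return [line for line in log_text.splitlines() if "ban" in line.lower()]


def currently_banned(log_text: str) -> Dict[Tuple[str, str], str]:
    """Replay Ban/Unban events in log order. The result maps (jail, ip) to the
    timestamp of the ban still in force; an Unban removes the entry, and a
    later Ban of the same address re-adds it with the new timestamp."""
    active: Dict[Tuple[str, str], str] = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # other fail2ban messages (startup, filter reloads, ...)
        key = (m["jail"], m["ip"])
        if m["action"] == "Ban":
            active[key] = m["ts"]
        else:
            active.pop(key, None)
    return active


if __name__ == "__main__":
    print("grep-style matches:", len(naive_grep(SAMPLE_LOG)))
    for (jail, ip), ts in sorted(currently_banned(SAMPLE_LOG).items()):
        print(f"{jail:14} {ip:12} banned since {ts}")
```

Run against a real /etc/fail2ban/fail2ban.log (or its rotated copies) the replay gives the same set that fail2ban-client status <jail> would report, minus any bans that expired without an Unban being logged.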
  • Monday, March 28 2016, 07:36 AM
    Thanks for the report!
  • Jon Eames, Monday, March 28 2016, 07:25 AM
    Hi, I installed on Home 7.2 but it is an upgraded system from 7.1, not a clean install. It appears to be working, I will test it from off site tomorrow.

    Regards

    Jon
  • Monday, March 28 2016, 06:10 AM
    Hi Jon,

    On which version did you install the Attack Detector app?

    I had no problem installing the app. I installed on 7.2 Professional (clean install).
  • Jon Eames, Monday, March 28 2016, 04:13 AM
    Okay, found it. Do this first: yum install fail2ban --enablerepo=clearos-centos,clearos-epel,clearos-centos-updates, then install from the Marketplace. All working now :-)
  • Jon Eames, Monday, March 28 2016, 03:46 AM
    Hi, I tried to install via the Marketplace but it failed on a dependency, fail2ban-server. I tried installing via yum but it said not available. Can you advise if I need to open another repository?

    Thanks