Tom,
I am also using Fail2BAN.
I created my own jail for JNOS and it works great.
That is also why I needed to change the JNOS log file name to something
static. That way I could avoid having to reload/restart Fail2Ban every
morning at midnight to look for a new log.
If you need the Jail regex I created for JNOS (assuming you're using JNOS),
contact me off-list (kg6baj(a)n1oes.org) and I can email it to you.
Bill
KG6BAJ
At 09:13 AM 09/29/14, you wrote:
>I do this with a program called fail2ban. You configure it to watch
>log files for authentication failures or other suspicious activity. It
>then blocks the suspicious source IP in iptables for the configured
>period of time. When the time expires, the IP is unbanned, so false
>positives or new users of an IP address aren't adversely affected.
>
>I get many bans per day and don't put much energy into monitoring or
>reporting them.
>
>Tom KD7LXL
>_________________________________________
Greetings to everybody.
****I want direct your attention to two networks
that lately I'm seeing in my Apache2 log files:
5.141.0.0/16
213.33.130.0/24
Log entries are at least suspicious.
I keep sharp lookout.
Best regards.
Tom - sp2lob
Greetings;
Is anyone running a global buckmaster or similar server on 44/8 that I
can query from xNOS? It would be greatly appreciated. Thanks much.
--
73 de Brian Rogers - N1URO
email: <n1uro(a)n1uro.ampr.org>
Web: http://www.n1uro.net/
Ampr1: http://n1uro.ampr.org/
Ampr2: http://nos.n1uro.ampr.org
Linux Amateur Radio Services
axMail-Fax & URONode
AmprNet coordinator for:
Connecticut, Delaware, Maine,
Maryland, Massachusetts,
New Hampshire, Pennsylvania,
Rhode Island, and Vermont.
To whom it may concern.
Quote:
Niall Parker
2013/12/14 at 06:28
I suspect the intent (of Heikki et al)
was to keep that password from being published…
I suspect it would have helped me though if I hadn’t
been paranoid to read all the docs anyway.
Unqote
Just wonder, whether this security measure is still
in force and should be obeyed without any exempts?
Best regards.
Tom - sp2lob
Sent from Sony Xperia Z1
http://www.aqua-mail.com
I noticed that around 2014-09-20 06:00 UTC, the line:
route addprivate 44.136/21 encap 124.171.137.31
started appearing twice in the encap file. Before this, all entries in
the encap file were unique.
Did something change about how the encap file is generated?
Is this line intentionally included twice?
If so, what value does the second entry serve?
Tom KD7LXL
I just got the following. One month is way, WAY too short. If my records
needed updating every month, it would be a mess and I'd rather just shut
down.
Perhaps once a year is a good requirement, just to verify that we're all
still alive. But if things are stable, forcing a login every month is just
too much.
Michael
N6MEF
Hello Michael,
THIS IS A SYSTEM GENERATED EMAIL FROM THE AMPRNET PORTAL.
Your account on the AMPRNet portal has been dormant for over one month.
It is important that you login regularly to ensure that your personal
details
are up to date, as well as ensuring that any AMPRNet resources allocated
to you are correct, e.g. IP allocations, DNS entries, etc.
Please login to the AMPRNet portal soon:
https://portal.ampr.org
If you have any questions relating to this email, you may reply to it and a
human being will read it and respond.
Kind Regards,
Marvin,
The AMPRNet Robot
On 9/18/14, 5:42 PM, Marc, LX1DUC wrote:
> Changing the Subject line of a digest email isn't enough for "modern"
> email clients (probably post 2005 email clients) which use the
> "References" header to organize messages into threads.
>
> I consider digest mode a nice mode for those that want to stay
> informed but it is a bad choice for those who want to participate.
Digest replies really need to go away, as no one can truly reply to a single
message in it. It breaks threading. Changing the subject does not fix this as
threading is done on the references header, it has nothing to do with the
subject.
I consider the 44net list to be people that "get" how email and networking
works, and even here see so many replies that break threading due to using
broken MUA's and generally not taking 30 seconds to ensure the email is
correctly formatted.
I'm on a number of other ham lists, and most are good, there is a certain
subset who are willfully ignorant of proper grammar, spelling, formatting,
top-posting, proper replies, etc. The ones on yahoo groups tend to be the
worst for this (ex. Repeater-Builder).
Some of the best how-to on posting to a list is from #10 on the qmail list guide.
http://pyropus.ca/personal/writings/12-steps-to-qmail-list-bliss.html#step10
Some of this is of course not applicable to a general list, but most is.
I've considered writing up a Ham list specific how-to, but I doubt it would
change anything. I think it's why I'm checked in here engaging in some good
passionate discussion from time to time, and then take a couple weeks off not
replying at all. :)
73's
--
Bryan Fields
727-409-1194 - Voice
727-214-2508 - Fax
http://bryanfields.net
On 9/19/14, 4:59 PM, K7VE - John wrote:
> Once a year or 6 months (if we are clearing out inactive accounts)
How about if it's in the global routing table I shouldn't need to verify it?
--
Bryan Fields
727-409-1194 - Voice
727-214-2508 - Fax
http://bryanfields.net
