habe das Problem, dass mein PHPsysinfo nur geht, wenn kein Benutzernahme und kein Passwort eingetragen ist. Da das Web-IF nicht im Netz steht, könnte ich damit leben.
Gerade habe ich den cccam-Port ins Netz gestellt, habe die jail.conf angepasst und wollte fail2ban neu starten, da startet es plötzlich nicht mehr. Und damit ist mein SSH-Port und Apache auch ungeschützt. Schöne Sch... Neu installieren bringt folgende Meldung:
Spoiler
Show
Double login: aktiviert
Bad command: aktiviert
Signature failed: aktiviert
illegal user: aktiviert
/etc/fail2ban/jail.conf wird fuer CCcam 2.3.0 aktualisiert.... ok
Restarting authentication failure monitor: fail2banTraceback (most recent call last):
File "/usr/bin/fail2ban-client", line 401, in <module>
if client.start(sys.argv):
File "/usr/bin/fail2ban-client", line 370, in start
return self.__processCommand(args)
File "/usr/bin/fail2ban-client", line 180, in __processCommand
ret = self.__readConfig()
File "/usr/bin/fail2ban-client", line 374, in __readConfig
self.__configurator.readAll()
File "/usr/share/fail2ban/client/configurator.py", line 58, in readAll
self.__jails.read()
File "/usr/share/fail2ban/client/jailsreader.py", line 41, in read
ConfigReader.read(self, "jail")
File "/usr/share/fail2ban/client/configreader.py", line 59, in read
SafeConfigParserWithIncludes.read(self, [bConf, bLocal])
File "/usr/share/fail2ban/client/configparserinc.py", line 105, in read
fileNamesFull += SafeConfigParserWithIncludes.getIncludes(filename)
File "/usr/share/fail2ban/client/configparserinc.py", line 76, in getIncludes
parser.read(resource)
File "/usr/lib/python2.6/ConfigParser.py", line 286, in read
self._read(fp, filename)
File "/usr/lib/python2.6/ConfigParser.py", line 510, in _read
raise e
ConfigParser.ParsingError: File contains parsing errors: /etc/fail2ban/jail.conf
[line 293]: '12000\n'
[line 302]: '12000\n'
[line 311]: '12000\n'
[line 320]: '12000\n'
failed!
fail2ban Installation fuer CCcam (port 50000#mit0istServerausgeschaltet
##SERVERLISTENPORTEinstellung##
12000) abgeschlossen!
Bad command: aktiviert
Signature failed: aktiviert
illegal user: aktiviert
/etc/fail2ban/jail.conf wird fuer CCcam 2.3.0 aktualisiert.... ok
Restarting authentication failure monitor: fail2banTraceback (most recent call last):
File "/usr/bin/fail2ban-client", line 401, in <module>
if client.start(sys.argv):
File "/usr/bin/fail2ban-client", line 370, in start
return self.__processCommand(args)
File "/usr/bin/fail2ban-client", line 180, in __processCommand
ret = self.__readConfig()
File "/usr/bin/fail2ban-client", line 374, in __readConfig
self.__configurator.readAll()
File "/usr/share/fail2ban/client/configurator.py", line 58, in readAll
self.__jails.read()
File "/usr/share/fail2ban/client/jailsreader.py", line 41, in read
ConfigReader.read(self, "jail")
File "/usr/share/fail2ban/client/configreader.py", line 59, in read
SafeConfigParserWithIncludes.read(self, [bConf, bLocal])
File "/usr/share/fail2ban/client/configparserinc.py", line 105, in read
fileNamesFull += SafeConfigParserWithIncludes.getIncludes(filename)
File "/usr/share/fail2ban/client/configparserinc.py", line 76, in getIncludes
parser.read(resource)
File "/usr/lib/python2.6/ConfigParser.py", line 286, in read
self._read(fp, filename)
File "/usr/lib/python2.6/ConfigParser.py", line 510, in _read
raise e
ConfigParser.ParsingError: File contains parsing errors: /etc/fail2ban/jail.conf
[line 293]: '12000\n'
[line 302]: '12000\n'
[line 311]: '12000\n'
[line 320]: '12000\n'
failed!
fail2ban Installation fuer CCcam (port 50000#mit0istServerausgeschaltet
##SERVERLISTENPORTEinstellung##
12000) abgeschlossen!
Ich habe vorher proftp-basic und exim4 deinstalliert, um keine ports offen zu haben, es kamen keine Fehlermeldungen. Anschliessend wollte ich SSHdtcp6 ausschalten, dazu bin ich wie folgt vorgegangen:
Spoiler
Show
sshd tcp6 schliessen:
echo "# Disable IPv6" >> /etc/sysctl.conf
echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
echo "#" >> /etc/sysctl.conf
sysctl -p
in /etc/exim4/update-exim4.conf.conf Zeile dc_local_interfaces dahingehend abändern:
dc_local_interfaces='127.0.0.1'
echo "# Disable IPv6" >> /etc/sysctl.conf
echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
echo "#" >> /etc/sysctl.conf
sysctl -p
in /etc/exim4/update-exim4.conf.conf Zeile dc_local_interfaces dahingehend abändern:
dc_local_interfaces='127.0.0.1'