onefang | In my experience fail2ban fails to ban often, coz it's fighting with the firewall. Now I'm looking for fail2ban + firewall combination that works with this year's new *tables or whatever it is called this year, and doesn't fail to ban. | 00:07 |
---|---|---|
onefang | But right now it's Sunday morning and I'm still waking up. | 00:07 |
rwp | At this moment iptables still works. I have yet to learn how to drive nftables. | 00:15 |
rwp | It is annoying that though they could keep the interface compatible and change the internals that they have chosen to thrash us all multiple times. | 00:15 |
rwp | But as for fail2ban in Beowulf anyway there was no trimming (sqlite optimize?) of the sqlite database files. | 00:15 |
rwp | Meaning that on my systems those grow and grow and grow without bounds. | 00:16 |
rwp | At the last upgrade on my system I quoted above the sqlite files were 3.1GB in size and were filling up the /var partition causing problems. | 00:16 |
onefang | Well when I put an IP into my firewall coz I'm tired of it popping up in fail2ban, I stop both and delete the sqlite file completely, so fail2ban won't try to unban the IP the firewall thought it banned. The recidive thingy seems to be helping, but still leaves a window of opportunity when I want a permaban for an IP. | 00:19 |
rwp | I don't think fail2ban is the right place to place a perma-ban on an IP address. I just do those in the firewall and fail2ban doesn't know about it. | 00:21 |
onefang | Which is why when the timeout for fail2ban runs out, fail2ban will unban the IP, and the firewall doesn't know that this IP is now allowed through. | 00:22 |
rwp | I am confused. Sorry. Are you saying that if you ban an IP at the firewall level outside of fail2ban that fail2ban will at the timeout unban it? (Doesn't work like that here. Wrong chain.) | 00:23 |
onefang | Yep, exactly. It fails to ban. | 00:24 |
rwp | Which firewall is that? I use shorewall (I know, it is moribund, and I will eventually need to move on) and these will be in different chains and have no interaction at all. | 00:25 |
FatPhil | I've always planned to write my own back-to-basics fail2ban replacement. The guys doing dictionary attacks on my SSH ports may be blocked 90% of the time, but it seems dumb to just let them have the same chances again as soon as they're unblocked. It shouldn't be so forgiving. | 00:25 |
onefang | Ah use a different IP chain, or IP table, or NF table, or whatever the kernel people change it to next year. | 00:25 |
onefang | shorewall. lol | 00:25 |
rwp | Laugh if you want but I like it and will miss it when it becomes unusable. I like files on disk for configuration and it provides it. | 00:26 |
onefang | These days the bad people tend to use throw away cloud IPs or network bot armies, so fail2ban is becoming less relevant anyway. | 00:26 |
rwp | The author and main maintainer is basically retiring from the project. Unable to deal with the endless kernel changes and endless need to support everyone. | 00:27 |
onefang | Yes, I like shorewall too, which is why I still use it. | 00:27 |
rwp | Oh! You laughed at the mention of it. I thought you were against it. Miscommunication there. | 00:27 |
onefang | I was laughing coz I DO use it. | 00:27 |
rwp | The main firewall I see people using today is ufw due to popularizing in Ubuntu. | 00:28 |
rwp | I haven't tried hard to learn it but it seems to be one that one crafts in place with commands rather than having files on disk for configuration. | 00:28 |
rwp | A dynamic versus static type of configuration paradigm. | 00:29 |
onefang | But yeah, for that shorewall maintainer retiring reason, *tables, and this failToBan thing I've been searching for a new combo for some time. | 00:29 |
rwp | ufw may have a way to statically configure it but no one who I have chatted with that uses it knows how to do it using ufw. | 00:29 |
rwp | Like FatPhil I have been thinking I might try my hand at writing a firewall and fail2ban replacement for my own use. | 00:30 |
onefang | You two should work together. B-) | 00:30 |
rwp | Because fail2ban is very limited in scope. It's stateless more than stateful. Making it hard to catch some common and typical abuse attack patterns. | 00:31 |
onefang | Also post about this planned replacement on the Devuan-dev mailing list, you might find more contributors. | 00:32 |
onefang | Don't forget to make the backend modular, for next year's kernel *tables. | 00:33 |
onefang | Also fail2ban scans your log files looking for errors, and I've been trying out other security things that also scan your log files looking for suspicious activity. Maybe a more flexible log scanner that can do various responses besides banning IPs? Then there's not half a dozen tools all scanning my log files. Then getting bogged down when ntfs-3g dumped 12 GB of duplicated error messages into syslog the other day. | 00:38 |
onefang | OK time to finish waking up. | 00:41 |
rrq | rwp: the design might have "fence", "database" and "detection" as separate concerns and modules | 01:01 |
rwp | There is clearly a lot of community desire and need for such a project! | 02:27 |
Afdal | Can anyone explain the arcane magicks of X11 power management | 07:08 |
Afdal | Sometimes it seems like when my system has been on for a while one of my screensaver/power manager controllers just decides that it's suddenly going to no longer respect my time-until-do-X settings | 07:09 |
Afdal | And I cannot figure out how the heck to get it back under control | 07:09 |
Afdal | Like right now for instance when I'm watching video in a web browser | 07:10 |
Afdal | sometimes that behavior I actually want (detect video playing and disable monitor control during it) | 07:10 |
Afdal | is what I get | 07:10 |
Afdal | and sometimes not | 07:10 |
Afdal | Right now it's not, and I can run to XScreenSaver or xfce4-power-manager and move sliders back and forth | 07:11 |
Afdal | and nothing works >:O | 07:11 |
Afdal | I just don't get it and it's mind-boggling to me how I'm still having problems with this | 07:18 |
Afdal | the same kind of problems that have been around over a decade ago | 07:18 |
Afdal | How hard is it to get screensaver/power control right >:/ | 07:19 |
rwp | Afdal, I don't agree with this famed author but it provides some good background on screensavers regardless. https://www.jwz.org/blog/2020/12/xscreensaver-5-45/ | 07:43 |
Afdal | blegh, systemd | 07:45 |
Afdal | hmmm is this a problem because browsers are trying to force systemd dependencies? | 07:45 |
rwp | Which browser are you trying to use to play videos when the screensaver is being invoked? I haven't had problems using Firefox and normal xset dpms settings. | 07:52 |
Afdal | Palemoon, but as I said this works fine for a while | 07:53 |
Afdal | and then sometimes something just poops itself | 07:54 |
Afdal | Is dpms the low-level controller for this stuff? | 07:54 |
Afdal | that sounds familiar | 07:54 |
Afdal | how do I check my current dpms settings... | 07:54 |
Afdal | Problem is even if I tick a box in xfce4-power-manager or whatever to "allow program to control DPMS instead of X11", it refuses to work! | 07:57 |
Afdal | I can't figure out which program or daemon or whatever is actually in control of display power >:/ | 07:57 |
rwp | Afdal, Re: how do I check my current dpms settings... Use: xset q | 09:23 |
rwp | However I know nothing more about how to have xfce do or do not control this. I am using a simple window manager. i3 in my case. | 09:24 |
talismanick | How's Devuan + runit for practical use? | 12:08 |
talismanick | (want Debian stability and practicality, but like runit more than systemd) | 12:08 |
gnarface | it's practical but missing some startup files for some services | 12:10 |
gnarface | sysvinit is still better supported | 12:10 |
gnarface | but if you know what you're doing it should work fine | 12:10 |
talismanick | gnarface: Any amenities I'll likely miss? Most runit scripts are pretty short anyways | 12:11 |
gnarface | i can't say from firsthand experience, but if you hang out here long enough you should be able to talk to someone who has tried it | 12:11 |
gnarface | from what i recall it's just that the runit scripts themselves aren't fully populated | 12:13 |
gnarface | so you might have to make a few or dig them out of archives, depending on which daemons you're using | 12:13 |
gnarface | to some degree that's a problem with sysvinit too just to much lesser of a degree | 12:14 |
deuxexmachina | is devuan as reproducible as debian? I don't see why it wouldn't but figured I'd ask | 13:26 |
onefang | Devuan mostly uses Debian packages. | 13:27 |
onefang | Which means Devuan is mostly as reproducible as Debian. | 13:29 |
deuxexmachina | For just running docker containers on bare metal I don't see a need for systemd, but still curious about TalosOS since it is supposedly tailored for k8s | 13:31 |
ibanja | regex question (anyone good with regex?): | 17:29 |
ibanja | I need to remove a substring from within a string. The substring could be one of two possibilities... either "Trade: Long" or "Trade: Short". Example that didn't work: | 17:29 |
ibanja | echo "Trade: Long some security name (EXCHANGE:SYMBOL)" |sed 's/Trade: (Short|Long)//' | 17:29 |
fluffywolf | you need sed -r if you want to do complex regexes | 17:30 |
ibanja | ok... that worked. Thanks! | 17:31 |
fluffywolf | glad to help! | 17:32 |
_ds_ | -r or some backslashes. | 17:45 |
phogg | sed -E should be preferred over sed -r (ERE mode for sed has been standardized to -E, matching grep) | 18:17 |
lts | Next you say we should start using ss instead of netstat | 18:25 |
phogg | netstat vs. ss is a rather different issue, using -E instead of -r is a drop-in replacement | 18:35 |
rwp | netstat and ss interface to the Linux kernel, which is always in motion and so must chase it. sed operates purely in userland space. | 19:05 |
FatPhil | ibanja: to be honest, if I'm resorting to actual scripting, rather than just a one-liner, I'd just hit perl. I should remember the -E switch to sed, I basically just remember to backslash everything that doesn't normally need backslashes to get sed to work, but I hate ugly commandlines. | 23:59 |