This directory contains platform-specific Bansshee support files for Red Hat
Enterprise Linux 5.3.
+ - configuration file:
+ - etc/bansshee.conf
+ - logwatch filter files:
+ - etc/logwatch/conf/services/bansshee.conf
+ - etc/logwatch/conf/services/secure.conf
+ - etc/logwatch/scripts/services/bansshee
+ - startup script:
+ - etc/rc.d/init.d/bansshee
+
+
+DIFFERENCES FROM THE DEFAULT SETTINGS
+
+The default settings in the bansshee script were designed to work with Red Hat
+Enterprise Linux ES 3. There are three main differences when moving to RHEL
+5.3:
+
+ (1) Some of the status messages emitted by sshd have changed slightly:
+ - what was previously "illegal user" is now "invalid user"
+ - instead of just "Failed password", we might also see now "Failed none"
+ and "Failed publickey"
+ (2) The logwatch configuration files have moved from "/etc/log.d" to
+ "/etc/logwatch". In addition, a minor bug in the previous version of the
+ logwatch script has been corrected (previously it tried to match
+ "appended" when it should have matched "added").
+ (3) Appending the BANSSHEE chain to the default firewall rules will have no
+ effect because by the time the initial INPUT chain is finished all SSH
+ traffic will already have been accepted; we therefore have to insert the
+ chain rather than appended. (Obviously if you have a custom set of
+ firewall rules then you may want to tweak this even further, inserting
+ the BANSSHEE chain before a specific rule number.)
-LOGWATCH FILTER FILES
- etc/logwatch/conf/services/bansshee.conf
- etc/logwatch/conf/services/secure.conf
- etc/logwatch/scripts/services/bansshee
-
-
-STARTUP SCRIPT
+INSTALLATION
- etc/rc.d/init.d/bansshee
+To use the configuration file, copy it into the /etc directory:
-
-INSTALLATION
+ sudo cp etc/bansshee.conf /etc/bansshee.conf
To use the filter files, copy them to the appropriate directories:
Start the bansshee service if not already started:
sudo service bansshee start
+
+AUTHOR
+
+These RHEL 5.3 support files were prepared by Wincent Colaiuta
+(win@wincent.com).
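Review bot: the INSTALLATION section is incomplete: "To use the filter files, copy them to the appropriate directories:" is followed by no commands, and nothing installs the init script listed at the top (etc/rc.d/init.d/bansshee) or registers it, so "sudo service bansshee start" will fail on a fresh host. Suggest listing the three logwatch copies (e.g. `sudo cp etc/logwatch/conf/services/bansshee.conf /etc/logwatch/conf/services/`) plus `sudo cp etc/rc.d/init.d/bansshee /etc/rc.d/init.d/bansshee` and `sudo chkconfig --add bansshee` before the start step. In difference (3), "insert the chain rather than appended" should read "rather than append", and it would help the reader to say that `-I INPUT` with no rule number puts the BANSSHEE jump at position 1, ahead of the RHEL default rules, which is why it takes effect.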
--- /dev/null
+# To override a given setting uncomment the corresponding line (remove the # symbol that begins the line) and alter the setting
+# See the README file for detailed information about each setting.
+
+#
+# General settings
+#
+
+#our $permitted_illegal_user = 5; # number of invalid user attempts permitted from a single IP address before it gets blocked
+#our $permitted_incorrect_pass = 5; # number of incorrect pass attempts permitted from a single IP address before it gets blocked
+#our $unban_wait = 3600; # minimum number of seconds an IP must wait before it gets removed from the blocklist (1 hour)
+#our $grace_period = 3600; # number of seconds that must pass before prior invalid/incorrect attempt counts are reset (1 hour)
+#our $unblocking_interval = 300; # number of seconds between checks of the blocklist for removing old IPs (5 minutes)
+
+#
+# Platform specific settings: based on Red Hat Enterprise Linux 5.3
+#
+
+#our $logpath = '/var/log/secure'; # logfile to watch
+our $illegal_user_regex = 'sshd\[\d+\]: Failed (?:password|none|publickey) for invalid user (\S+) from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) port \d+ ssh';
+our $incorrect_pass_regex = 'sshd\[\d+\]: Failed (?:password|none|publickey) for (\S+) from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) port \d+ ssh';
+#our $iptables = '/sbin/iptables'; # for manipulating the firewall
+#our $iptables_create = '-N BANSSHEE'; # iptables parameters for creating the BANSSHEE chain
+our $iptables_add = '-I INPUT -p tcp --dport ssh -j BANSSHEE'; # iptables parameters for adding the JUMP rule
+#our $iptables_remove = '-D INPUT -p tcp --dport ssh -j BANSSHEE'; # iptables parameters for removing the JUMP rule
+#our $iptables_flush = '-F BANSSHEE'; # iptables parameters for flushing the BANSSHEE chain
+#our $iptables_delete = '-X BANSSHEE'; # iptables parameters for deleting the BANSSHEE chain
+#our $id = '/usr/bin/id -u'; # for determing if running as root
+#our $log_facility :shared = 'authpriv'; # Bansshee messages logged to /var/log/secure
+
+1; # required end marker: do not delete this line
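Review bot: this file is evaluated as Perl by the bansshee daemon (the `our $...` assignments and the `1;` end marker), so anyone who can write /etc/bansshee.conf can run code as root; the README install step should set ownership root:root and mode 0644 after the cp, and the daemon should refuse to load a config that is group- or world-writable. Two smaller points: `$incorrect_pass_regex` now counts "Failed none" lines, and OpenSSH clients commonly try the none method first to learn the permitted methods, so confirm on RHEL 5.3 that such lines are not logged for valid users at the default LogLevel, otherwise every normal login by such a client adds an incorrect-password strike toward `$permitted_incorrect_pass`. The comment on `$id` has a typo, "determing" for "determining".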