[sslh] fail2ban
perini.davide@dpsoftware.org_IMAP
perini.davide at dpsoftware.org
Sun Oct 6 16:45:26 CEST 2013
Ok, this solves everything.
All logs now contain the correct IP address,
fail2ban jails work,
I can start SSLH at boot as user without problems.
I have only one jail that gives me a problem,
the IP address in the log is written correctly now but I have this
warning from fail2ban.
<28>fail2ban.filter : WARNING Unable to find a corresponding IP address for ::1
Have you experienced this problem before, or have an idea on why I have
that problem?
Thanks.
On 06/10/2013 14.43, perini.davide at dpsoftware.org_IMAP wrote:
> Yves, I love you and your sslh!
>
> I managed to do that with
> start() {
>     echo -n "Starting SSL-SSH-Switch: "
>     if [ -f "$PIDFILE" ]; then
>         PID=$(cat "$PIDFILE")
>         echo "sslh already running: $PID"
>         exit 2
>     else
>         # Run sslh as MYUSER through the 'daemon' helper's --user option
>         daemon --user MYUSER $SSLH $OPTIONS
>         RETVAL=$?
>         echo
>         [ $RETVAL -eq 0 ] && touch "$PIDFILE"
>         return $RETVAL
>     fi
> }
>
> As you can see, I added the --user to the daemon.
> daemon --user dpsoftware $SSLH $OPTIONS
>
> Do you see any security issues in this?
> Can I use it without problem?
>
> Thanks!!!!
>
>
> On 06/10/2013 14.34, Yves Rutschle wrote:
>> On Sun, Oct 06, 2013 at 02:01:07PM +0200,
>> perini.davide at dpsoftware.org_IMAP wrote:
>>> There is some big guru that says that
>>> if a software has a problem with Red Hat generally the software has a
>>> problem :D
>> This particular problem could be fixed within sslh but would
>> open other problems.
>>
>> And I'm pretty sure this can be fixed in your sslh start-up
>> script.
>>
>> According to the sample script I have for CentOS, RedHat
>> uses a 'daemon' command to start services, and according to
>> the manual you should be able to add the --user command to
>> the daemon startup line, which should fix the problem.
>>
>> If you're using the CentOS script from the sslh repository,
>> I think just setting SSLH_USER should do the trick.
>>
>> Y.
>