How do I ban an attacker IP with Fail2Ban manually by command line?
fail2ban-client -vvv set JAIL banip WW.XX.YY.ZZ
Check the jail where to add the IP using fail2ban-client status
Both commands may require to be executed as sudoer. In this case add a sudo before them.
Ban IP manually
fail2ban-client set jail_name banip xx.xx.xx.xx
You ban him manually by adding his IP to the firewall. If you are using UFW, then you write something like this in your command line:
ufw insert 1 deny from <ip> to any
But you do not want to do that manually - the purpose of Fail2Ban is to ban someone automatically. Use this tutorial to configure Fail2Ban to automatically update your UFW rules. The importan part is to add banaction = ufw-SOMETHING to your jail.conf, and then create ufw-SOMETHING.conf in the /etc/fail2ban/action.d/ folder with the following content:
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = ufw insert 1 deny from <ip> to any
actionunban = ufw delete deny from <ip> to any
This will ban the IP completely for a predefined amount of time. If you want to ban him until next reboot, omit the actionunban command.
Related
I have two separate clusters (Application and DB) in the same namespace. Statefulset for DB cluster and Deployment for Application cluster. For internal communication I have configured a Headless Service. When I ping from a pod in application cluster to the service it works (Works the other way round too - DB pod to service works). But sometimes, for example if I continuously execute ping command for like 3 times, the third time it gives an error - "ping: : Temporary failure in name resolution". Why is this happening?
As far as I know this is usually a name resolution error and shows that your DNS server cannot resolve the domain names into their respective IP addresses. This can present a grave challenge as you will not be able to update, upgrade, or even install any software packages on your Linux system. Here I have listed few reasons
1.Forgot configuring or Wrongly Configured resolv.conf File
The /etc/resolv.conf file is the resolver configuration file in Linux systems. It contains the DNS entries that help your Linux system to resolve domain names into IP addresses.
If this file is not present or is there but you are still having the name resolution error, create one and append the Google public DNS server as nameserver 8.8.8.8
Save the changes and restart the systemd-resolved service as shown.
$ sudo systemctl restart systemd-resolved.service
It’s also prudent to check the status of the resolver and ensure that it is active and running as expected:
$ sudo systemctl status systemd-resolved.service
2. Due to Firewall Restrictions
By some chance if the first solution did not work for you, firewall restrictions could be preventing you from successfully performing DNS queries. Check your firewall and confirm if port 53 (used for DNS – Domain Name Resolution ) and port 43 are open. If the ports are blocked, open them as follows:
For UFW firewall (Ubuntu / Debian and Mint)
To open ports 53 & 43 on the UFW firewall run the commands below:
$ sudo ufw allow 43/tcp
$ sudo ufw reload```
For firewalld (RHEL / CentOS / Fedora)
For Redhat based systems such as CentOS, invoke the commands below:
```$ sudo firewall-cmd --add-port=53/tcp --permanent
$ sudo firewall-cmd --add-port=43/tcp --permanent
$ sudo firewall-cmd --reload
I hope that you now have an idea about the ‘temporary failure in name resolution‘ error. I also found a similar git issue hope that helps
https://github.com/kubernetes/kubernetes/issues/6667
I want to export some data from MongoDB Atlas.
If I execute the command below, It tries connect localhost and export the data.
mongoexport --uri="mongodb+srv://<username>:<password>#name-of-project-x2lpw.mongodb.net/test" --collection users --out /tmp/testusers.json
Note: If you run this command from Windows CMD, it works fine
After researching the problem and with the help of a user, everything seems to point to a DNS problem and to the related resolv.conf file.
Below the original /etc/resolv.conf:
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "systemd-resolve --status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 127.0.0.53
options edns0
search name.com
At the beginning that resulted into a connection failure as shown below:
But if I would change that address into the following public available address according to what advised on this post to 1.1.1.1 the connection is successful, see below:
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "systemd-resolve --status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 1.1.1.1
options edns0
search name.com
Which resulted into a connection success as shown below:
HOWEVER the problem is that instead of explicitly connecting to the name of the MongoDB cluster, it will connect to the localhost, which is very strange as I successfully exported the files I was looking for from the real connection.
Which means that the machine was correctly connecting to the database but via localhost.
Everything seems to lead, also according to this source and also here to a DNS problem while connecting to MongoDB via terminal to export collections.
Now from this last post it not advisable to manually change this address for several reasons, therefore right after successfully exporting the data using DNS 1.1.1.1 I changed it back to its original DNS 127.0.0.53.
However I don't think this should be a proper behavior as every time I need to export data I will have to continuously and manually change this address.
What could be the reason for this strange behavior? And therefore what could be a long term solution without manually switching between DNS addresses?
Thanks for pointing to the right direction for solving this issue.
It seems you all ready have the answer in the links you mentioned. I will summarize this:
Install resolvconf (for Ubuntu apt install resolvconf), add the line nameserver 8.8.8.8 to /etc/resolvconf/resolv.conf.d/base, then run sudo resolvconf -u and to be sure service resolvconf restart.
To verify run systemd-resolve --status.
You should see on the first line your DNS server like here:
DNS Servers: 8.8.8.8
DNS Domain: sa-east-1.compute.internal
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
This solution persists between reboots.
I have enabled all required ports. When i enable the firewalld service then the core-dns doesnt resolve any domain-name with command $ kubectl exec -ti busybox -- nslookup kubernetes.default
This seems to be a know case, which you can find on GitHub Fresh deploy with CoreDNS not resolving any dns lookup #1056.
There seems to be few solutions which would mean different problems.
One being:
sudo systemctl stop firewalld
sudo systemctl stop firewalld
Please remember this is not recommended.
Another solution might be:
Adding iptables -p FORWARD ACCEPT.
Also check if core dns daemon controller has enough resources, as this might be causing restarts.
You need to provide more details regarding your cluster so we can pinpoint the issue.
This problem may originate due to forwarding packets between interfaces. There are two options:
First, for sessions, I also recommend this for testing:
$ vim /proc/sys/net/ipv4/ip_forward
# set to 1
For a more permanent solution:
$ vim /etc/sysctl.conf
# ADD net.ipv4.ip_forward=1
$ sudo /sbin/sysctl -p
I just got a new router and internet connection.
My phone and my second computer have no problem to connect to internet (wifi or cable). My first computer, where I am running Limux Mint 18.1 Serena, can connect with cable or wifi but I am unable to browser.
I can ping 8.8.8.8 but not google.com.
I do not understand much of DNS but I tried to follow some online tutorials.
I tried to modify the /etc/resolconf directory by adding a resolv.conf file with a new servername but didn't work (even after restarting network-manager). I tried as well to modify the /etc/resolv.conf.d/tail file (as read in other tutorials) by adding a new servername but still not working.
Any suggestion?
Your DNS resolving doesn't work.
Check your firewall for an open port UDP/53 to 8.8.8.8
# iptables -L -n -v
Check with your ISP for DNS server provided. They are probably blocking UDP/53 somewhere on the way out to force you to use internal DNS server.
If you are on DHCP, renew the lease.
Depends on distro (most probably networkmanager, ifdown/ifup combination may work as well). This happens quite often with resolvconfd and dnsmasq. You may need to restart the NetworkManager then
Again - command depends on distro, usually with systemd
# systemctl restart NetworkManager
If you are on static IP and have noone to ask or check their config, you may sniff (tcpdump -nnvv -i <interface> udp port 53).
The problem occurs due to trouble with DNS setting
If you are using linux follow:
Clear this file content (root permission required)
nano /etc/resolv.conf
Add the folling text:
nameserver 1.1.1.1
nameserver 8.8.8.8
Save and Reboot
If using Windows Follow:
Control Panel\Network and Internet\Network and Sharing Center
Select current active connection (wifi/broadband)
Properties > Networking > ipv4 > custom dns > 1.1.1.1 & 8.8.8.8
check Validate setting upon exit > save
I want to set static ip to CentOS machine so i have done changes to script file /etc/sysconfig/network-script/ifcfg-eth0 as
DEVICE=eth0
BOOTPROTO=static
STARTMODE=onboot
IPADDR=10.100.200.59
ONBOOT=yes
NETMASK=255.255.0.0
GATEWAY=10.100.0.1
NM_CONTROLLED=no
I dont want to specify the HW_ADDR field in script file and also remove 70-persistent-net.rules.I rebooted the system,it doesn't come up with static it comes up with dhcp ip. Whenever I ran the command sudo ifup eth0, it gets the satic IP..
PLease help me out for this problem I want to set the static ip in network-script/ifcfg-eth0 without using HW_ADDR and without running command sudo ifup eth0 manually.
Try using this as your network script:
DEVICE=eth0
BOOTPROTO=none
IPADDR=10.100.200.59
ONBOOT=yes
NETMASK=255.255.0.0
GATEWAY=10.100.0.1
NM_CONTROLLED=no
I took out your STARTMODE parameter as you already have ONBOOT configured and changed your BOOTPROTO to none.