dreamguitar

Registered
Feb 8, 2004
4
0
151
I have setup Mod_dosevasive on my server. I can see possible ddos blocking ip in /var/log/messages but it dont working no email and no ip ban in deny.host.rules


Here my following configuration. Please help to correct this .

in httpd.conf

<IfModule mod_dosevasive.c>
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 600
DOSEmailNotify [email protected]
DOSSystemCommand "sudo /usr/local/sbin/apf -d %s"
</IfModule>


and in visudo : ( my server name root.blabla.com )

nobody root. = NOPASSWD: /usr/local/sbin/apf -d *
 

nosfin

Registered
Dec 7, 2003
1
0
151
the same.

i'm having the same problem..

nobody ALL = NOPASSWD: /usr/local/sbin/apf -d *
or
nobody sense. = NOPASSWD: /usr/local/sbin/apf -d *

[email protected] [/etc]# sudo -u nobody -s /usr/local/sbin/apf -d 11.11.11.11
/usr/local/sbin/apf: /usr/local/sbin/apf: Permission denied
[email protected] [/etc]#

is there anyone knows howto solve this problem ?
 

dropby23

Well-Known Member
Jan 16, 2005
155
0
166
use this command
Code:
cat /var/log/messages | grep Blacklisting | awk {'print "ALL:" $8 "\n"'} >> /etc/hosts.deny
or

find this
DOSSystemCommand "sudo /usr/local/sbin/apf -d %s"
and change with this

DOSSystemCommand "sudo -u nobody-s /usr/local/sbin/apf -d %s"

and the visudo will be like that

nobody ROOT. = NOPASSWD: /usr/local/sbin/apf -d *
the last thing you will do
chmod 2755 /usr/local/sbin/apf