LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   mod_dosevasive DOSSystemCommand problem (https://www.linuxquestions.org/questions/linux-security-4/mod_dosevasive-dossystemcommand-problem-354527/)

super_mouse 08-18-2005 08:02 AM
mod_dosevasive DOSSystemCommand problem
 
Hello,

I installed mod_dosevasive and it seems to work fine.
The only think that I can't get working is adding a IPTABLES rule to block an IP address with:
DOSSystemCommand "su - root -c '/sbin/iptables -A INPUT -s %s -j DROP' ".

Something strange is going on with DOSSystemCommand.

For example the following directive works fine:
DOSSystemCommand "ls -l >> log/test.txt"
but without the -l option it doesn't work:
DOSSystemCommand "ls >> log/test.txt"

Adding "su - root -c" doesn't help.

DOSSystemCommand "echo sometext >> log/test.txt"
on the other hand works fine.

I also do not succeed in running a shell script with DOSSystemCommand:
DOSSystemCommand "su - root -c 'sh script.sh' ".
no matter what path or user I use. The permissions are rwxrwxrwx.

Does anybody know why some commands run fine with DOSSystemCommand while others don't????

Is it a good idea to block IP addresses in iptables via DOSSystemCommand?

Thanks a lot for any help!

Super Mouse

peter_robb 08-23-2005 08:17 AM
Try using sudo or something similar which stays in the current shell..

I would like to see the value in DROPing after this works too..
It's easy to construct DOS attacks by spoofing dns server addresses etc..
You may wish to look at the iptables target TARPIT instead as a way of reducing conntrack overhead..


All times are GMT -5. The time now is 12:05 PM.