日期: 2021 年 3 月 3 日

fail2ban with OpenVPN(ubuntu 20.04)

This page describes how to set up fail2ban with OpenVPN 2.4.7 (tested on ubuntu 20.04)

Create /etc/fail2ban/filter.d/openvpn.conf containing:

# Fail2Ban filter for selected OpenVPN rejections
#
#

[Definition]

# Example messages (other matched messages not seen in the testing server's logs):
# Fri Sep 23 11:55:36 2016 TLS Error: incoming packet authentication failed from [AF_INET]59.90.146.160:51223
# Thu Aug 25 09:36:02 2016 117.207.115.143:58922 TLS Error: TLS handshake failed

failregex = ^ TLS Error: incoming packet authentication failed from \[AF_INET\]<HOST>:\d+$
            ^ <HOST>:\d+ Connection reset, restarting
            ^ <HOST>:\d+ TLS Auth Error
            ^ <HOST>:\d+ TLS Error: TLS handshake failed$
            ^ <HOST>:\d+ VERIFY ERROR

ignoreregex =

Create /etc/fail2ban/jail.local containing:

# Fail2Ban configuration fragment for OpenVPN

[openvpn]
enabled  = true
port     = 1194
protocol = udp
filter   = openvpn
logpath  = /var/log/openvpn/openvpn.log
maxretry = 3

To effect the configuration change:

$ service fail2ban restart

To test the configuration change, check /var/log/fail2ban.log initially for service start messages and later for WARNING [openvpn] Ban and Unban messages.

参考链接

HOWTO fail2ban with OpenVPN

禁止macOS系统产生.DS_Store文件的方法

Mac经常会产生 .DS_Store 的隐藏文件,虽然在 Mac 上看不到,但是有时用了人家的 U 盘或把 U 盘拿到 Windows 系统上用,就会看到。

.DS_StoreMac OS 保存文件夹的自定义属性的隐藏文件,如文件的图标位置或背景色,相当于Windowsdesktop.ini

  • 禁止 .DS_Store 生成:
    打开 “终端” ,复制黏贴下面的命令,回车执行,重启Mac即可生效。

    $ defaults write com.apple.desktopservices DSDontWriteNetworkStores -bool TRUE
  • 恢复 .DS_Store 生成: 
    $ defaults delete com.apple.desktopservices DSDontWriteNetworkStores

参考链接