[Leaplist] fail2ban
Phil Barnett
philb at philb.us
Mon Mar 8 18:53:37 EST 2010
I was looking for a solution to automatically firewall password guessing
attacks to ssh my server and came across this interesting solution.
By default, it runs as a service, it monitors logs and when it sees x number
of failed attempts (defined by regex and x = 6 in the ssh monitor), it jails
the IP for 600 seconds (also configurable). After 600 more seconds, it is
removed from the jail.
Today, it isolated and temporarily jailed 8 IP addresses.
It was very easy to install and configure and comes with a variety of
monitors already to go but turned off by default.
When it jails the IP, it also fires off an email to me saying what it does
along with a whois of the IP address.
It appears to be very well designed and production ready in it's current
state. I'm going to rate this one as a keeper. A+.
http://www.fail2ban.org/
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.leap-cf.org/pipermail/leaplist/attachments/20100308/bcba392b/attachment.html
More information about the Leaplist
mailing list