[Leaplist] fail2ban
Kevin Inscoe
kevin at inscoe.org
Tue Mar 9 07:02:27 EST 2010
Don't listen on port 22. Use another port and what Jason said.
On Mon, Mar 8, 2010 at 6:53 PM, Phil Barnett <philb at philb.us> wrote:
> I was looking for a solution to automatically firewall password guessing
> attacks to ssh my server and came across this interesting solution.
> By default, it runs as a service, it monitors logs and when it sees x number
> of failed attempts (defined by regex and x = 6 in the ssh monitor), it jails
> the IP for 600 seconds (also configurable). After 600 more seconds, it is
> removed from the jail.
> Today, it isolated and temporarily jailed 8 IP addresses.
> It was very easy to install and configure and comes with a variety of
> monitors already to go but turned off by default.
> When it jails the IP, it also fires off an email to me saying what it does
> along with a whois of the IP address.
> It appears to be very well designed and production ready in it's current
> state. I'm going to rate this one as a keeper. A+.
> http://www.fail2ban.org/
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> _______________________________________________
> Leaplist mailing list
> Leaplist at leap-cf.org
> http://lists.leap-cf.org/mailman/listinfo/leaplist
>
>
--
Kevin P. Inscoe http://kevininscoe.com
Deltona, FL kevin [at] inscoe [dot] org
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the Leaplist
mailing list