[Leaplist] fail2ban

Richard F. Ostrow Jr. rich at warfaresdl.com
Tue Mar 9 09:39:57 EST 2010 

Any chance this thing can be configured to respond to a command line
rather than scanning a log file? Syslog can be configured to send output
from any program (ex. sshd) to external applications (ex. fail2ban) so it
doesn't have to do any "scanning" of my logs... I've been using that to
permanently ban IPs that fail to log on even once, but thus far have not
put enough intelligence in there to make it immune to my internal IPs
(apparently, attackers have been spoofing internal IPs to lock some of my
internal machines out)
On Mon, March 8, 2010 6:53 pm, Phil Barnett wrote:
> I was looking for a solution to automatically firewall password guessing
> attacks to ssh my server and came across this interesting solution.
>
> By default, it runs as a service, it monitors logs and when it sees x
> number
> of failed attempts (defined by regex and x = 6 in the ssh monitor), it
> jails
> the IP for 600 seconds (also configurable). After 600 more seconds, it is
> removed from the jail.
>
> Today, it isolated and temporarily jailed 8 IP addresses.
>
> It was very easy to install and configure and comes with a variety of
> monitors already to go but turned off by default.
>
> When it jails the IP, it also fires off an email to me saying what it does
> along with a whois of the IP address.
>
> It appears to be very well designed and production ready in it's current
> state. I'm going to rate this one as a keeper. A+.
>
> http://www.fail2ban.org/
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> _______________________________________________
> Leaplist mailing list
> Leaplist at leap-cf.org
> http://lists.leap-cf.org/mailman/listinfo/leaplist
>


-- 
Life without passion is death in disguise


-----------------------------------------
This email was sent using SquirrelMail.
   "Webmail for nuts!"
http://squirrelmail.org/


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the Leaplist mailing list