[Leaplist] fail2ban

Kevin Inscoe kevin at inscoe.org
Tue Mar 9 09:58:25 EST 2010


syslog-ng can be configured to execute commands, although frankly I
like the fail2ban script idea better: you will have a lot of forks
running from your syslogger, probably not a good idea in general for
something like attacks.

On Tue, Mar 9, 2010 at 9:39 AM, Richard F. Ostrow Jr.
<rich at warfaresdl.com> wrote:
> Any chance this thing can be configured to respond to a command line
> rather than scanning a log file? Syslog can be configured to send
> from any program (ex. sshd) to external applications (ex. fail2ban) so it
> doesn't have to do any "scanning" of my logs... I've been using that to
> permanently ban IPs that fail to log on even once, but thus far have not
> put enough intelligence in there to make it immune to my internal IPs
> (apparently, attackers have been spoofing internal IPs to lock some of my
> internal machines out)
> On Mon, March 8, 2010 6:53 pm, Phil Barnett wrote:
>> I was looking for a solution to automatically firewall password guessing
>> attacks to ssh my server and came across this interesting solution.
>>
>> By default, it runs as a service, it monitors logs and when it sees x number
>> of failed attempts (defined by regex and x = 6 in the ssh monitor), it jails
>> the IP for 600 seconds (also configurable). After 600 more seconds, it is
>> removed from the jail.
>>
>> Today, it isolated and temporarily jailed 8 IP addresses.
>>
>> It was very easy to install and configure and comes with a variety of
>> monitors all ready to go but turned off by default.
>>
>> When it jails the IP, it also fires off an email to me saying what it does
>> along with a whois of the IP address.
>>
>> It appears to be very well designed and production ready in its current
>> state. I'm going to rate this one as a keeper. A+.
>>
>> http://www.fail2ban.org/
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>> _______________________________________________
>> Leaplist mailing list
>> Leaplist at leap-cf.org
>> http://lists.leap-cf.org/mailman/listinfo/leaplist
>>
>
>
> --
> Life without passion is death in disguise



-- 
Kevin P. Inscoe      http://kevininscoe.com
Deltona, FL        kevin [at] inscoe [dot] org
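
The behaviour discussed in this thread (6 failed attempts, a 600-second jail) combined with an exemption for internal addresses, as an added sketch that is not part of the original messages and not fail2ban's own code. The log line format, `FINDTIME`, and the `IGNORE` ranges are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict

MAXRETRY = 6    # failures before a ban (value quoted in the thread)
BANTIME = 600   # seconds an address stays jailed (value quoted in the thread)
FINDTIME = 600  # assumption: window in which failures are counted
# Assumption: internal ranges that must never be jailed.
IGNORE = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.0.0/16")]

# Anchored at the end of the line so text inside a username cannot pose as the source address.
FAILED = re.compile(
    r"^(\d+) sshd\[\d+\]: Failed password for .* from (\S+) port \d+(?: ssh2)?$")

def sample_line(ts, ip):
    """Build a constructed sshd-style log line (epoch seconds first)."""
    return f"{ts} sshd[4242]: Failed password for root from {ip} port 50022 ssh2"

class Jail:
    def __init__(self):
        self.failures = defaultdict(list)  # ip -> recent failure timestamps
        self.banned = {}                   # ip -> ban expiry time

    def is_banned(self, ip, now):
        expiry = self.banned.get(ip)
        if expiry is not None and now >= expiry:
            del self.banned[ip]            # ban has run out, release it
            return False
        return expiry is not None

    def feed(self, line):
        """Process one log line; return the IP if this line triggered a ban."""
        m = FAILED.match(line)
        if not m:
            return None
        now, ip = int(m.group(1)), m.group(2)
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            return None                    # not an IP literal, ignore
        if any(addr in net for net in IGNORE) or self.is_banned(ip, now):
            return None
        recent = [t for t in self.failures[ip] if now - t < FINDTIME] + [now]
        self.failures[ip] = recent
        if len(recent) >= MAXRETRY:
            self.banned[ip] = now + BANTIME
            del self.failures[ip]
            return ip
        return None
```
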
