Gentoo Archives: gentoo-security

From: Chris Shelton <cshelton@×××××××.edu>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] If your interested
Date: Mon, 10 Oct 2005 19:35:48
Message-Id: Pine.LNX.4.63.0510101340020.5067@cshelton.fms.indiana.edu
In Reply to: Re: [gentoo-security] If your interested by Danny
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Mon, 10 Oct 2005 at 11:33am, Danny wrote:

> On 10/10/05, Christophe Garault <christophe@×××××××.org> wrote:
>> This is exactly what fail2ban does. It's a very nice script written in
>> python that can block an IP for an amount of time after several login
>> attempts. It can monitor ssh and apache. Look at
>> http://sourceforge.net/projects/fail2ban or directly emerge it as it is
>> already in Portage. I have it running for a couple of months and I must
>> say that I'm very satisfied.
>
> I don't see it in portage; is it under a different name? I see
> denyhosts in portage, but that one doesn't seem to remove older bans
> it added to the hosts.deny file. I'm not sure yet if Fail2Ban will do
> this, but Christophe Garault suggested it does.
I haven't found fail2ban in the main portage tree, but instead set up a local
portage overlay and installed the ebuild from the sourceforge site. I have been
using fail2ban for a few months now, and can affirm that it does remove bans
after a configurable period of time. Instead of using hosts.deny, fail2ban adds
and removes rules from an iptables firewall. After some time of doing this work
manually, I discovered that there is a limit to the number of individual IP
addresses that can be processed in a hosts.deny file that is definitely much
lower than the number of allowable rules iptables can handle.

chris

- --
Chris Shelton
- -
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDSsCdM5TknMKatUwRAhmeAKCRMecCGLBlNe6s5YxLmA1E/ZDFoACcCpM8
JMaKyHsU0eyyiPXpho2v0LE=
=oCy/
-----END PGP SIGNATURE-----
-- 
gentoo-security@g.o mailing list
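The ban/unban cycle discussed in this thread (a monitor counting failed sshd logins per source address, inserting an iptables DROP rule once a threshold is reached, and deleting that rule again after a configurable time) as an added example. This is not fail2ban's own code and not part of the original messages: it is a small Python monitor run over a few constructed sshd log lines. The host name, PIDs, addresses and the thresholds maxretry/findtime/bantime are assumptions, and the iptables commands are recorded rather than executed so the example runs without root or a firewall.

```python
"""Toy fail2ban-style ban manager (added example; not fail2ban's code).

Reads sshd log lines, counts failed logins per source IP inside a sliding
window (findtime), and when a source reaches maxretry failures records the
iptables rule that would drop it. After bantime seconds it records the
matching delete, which is the expiry step hosts.deny-based tools lack.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# OpenSSH "Failed password" line; syslog timestamp and source IP are captured.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)
EPOCH = datetime(1900, 1, 1)  # strptime without %Y yields year 1900


def parse_ts(text):
    """Syslog timestamp -> seconds. Syslog carries no year, so a Dec/Jan
    rollover is not handled here; a real tool has to deal with it."""
    return (datetime.strptime(text, "%b %d %H:%M:%S") - EPOCH).total_seconds()


class BanManager:
    def __init__(self, maxretry=3, findtime=600, bantime=1800):
        self.maxretry = maxretry
        self.findtime = findtime
        self.bantime = bantime
        self.failures = defaultdict(deque)  # ip -> recent failure times
        self.banned = {}                     # ip -> time the ban was placed
        self.commands = []                   # iptables commands that would run

    def _iptables(self, *args):
        # Production code would subprocess.run(["iptables", *args], check=True);
        # the example records the command line instead so it runs anywhere.
        self.commands.append(" ".join(("iptables",) + args))

    def ban(self, ip, now):
        # Insert at the top of INPUT so the DROP wins over any later ACCEPT.
        self._iptables("-I", "INPUT", "-s", ip, "-j", "DROP")
        self.banned[ip] = now
        self.failures.pop(ip, None)

    def unban(self, ip):
        # -D must repeat exactly the rule spec used at insert time.
        self._iptables("-D", "INPUT", "-s", ip, "-j", "DROP")
        del self.banned[ip]

    def expire(self, now):
        """Lift every ban older than bantime; return the IPs still banned."""
        for ip, since in list(self.banned.items()):
            if now - since >= self.bantime:
                self.unban(ip)
        return sorted(self.banned)

    def process(self, line):
        """Feed one log line; return the IP if this line triggered a ban."""
        m = FAILED_RE.match(line)
        if m is None:
            return None
        now, ip = parse_ts(m.group("ts")), m.group("ip")
        self.expire(now)
        if ip in self.banned:  # already dropped; never insert the rule twice
            return None
        hits = self.failures[ip]
        hits.append(now)
        while now - hits[0] > self.findtime:  # forget failures outside the window
            hits.popleft()
        if len(hits) >= self.maxretry:
            self.ban(ip, now)
            return ip
        return None

    def feed(self, lines):
        return [ip for ip in map(self.process, lines) if ip]


# Constructed sshd log lines (host, PIDs and addresses are made up).
SAMPLE_LOG = [
    "Oct 10 13:40:02 fms sshd[5067]: Failed password for root from 10.0.0.5 port 4242 ssh2",
    "Oct 10 13:40:05 fms sshd[5068]: Failed password for invalid user admin from 10.0.0.5 port 4243 ssh2",
    "Oct 10 13:40:09 fms sshd[5069]: Failed password for root from 10.0.0.5 port 4244 ssh2",
    "Oct 10 13:40:15 fms sshd[5070]: Failed password for root from 192.168.1.9 port 5000 ssh2",
    "Oct 10 13:55:00 fms sshd[5071]: Failed password for root from 192.168.1.9 port 5001 ssh2",
    "Oct 10 13:55:03 fms sshd[5072]: Accepted publickey for chris from 10.0.0.7 port 6000 ssh2",
    "Oct 10 14:20:00 fms sshd[5073]: Failed password for root from 192.168.1.9 port 5002 ssh2",
]


def run_demo():
    """Run the sample through a 3-strikes / 10-minute window / 30-minute ban."""
    mgr = BanManager(maxretry=3, findtime=600, bantime=1800)
    banned = mgr.feed(SAMPLE_LOG)
    return banned, mgr.commands, mgr.expire(parse_ts("Oct 10 14:20:00"))


if __name__ == "__main__":
    banned, commands, still = run_demo()
    print("banned:", banned)
    print("\n".join(commands))
    print("still banned at 14:20:", still)
```

Running it, 10.0.0.5 is banned on its third failure within ten minutes, 192.168.1.9 never is because its three failures are spread wider than findtime, and the slow attacker's last line at 14:20 is what triggers the delete for 10.0.0.5, since expiry is only evaluated when a line arrives (a daemon would also run it on a timer). Two points a practitioner should keep: the delete has to reproduce the insert's rule spec exactly or iptables reports no matching rule, and fail2ban's own iptables actions keep their bans in a dedicated chain jumped to from INPUT rather than in INPUT itself, so that all bans can be flushed in one step when the service stops.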