Gentoo Archives: gentoo-security

From: Chris Shelton <cshelton@×××××××.edu>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] If your interested
Date: Mon, 10 Oct 2005 19:35:48
Message-Id: Pine.LNX.4.63.0510101340020.5067@cshelton.fms.indiana.edu
In Reply to: Re: [gentoo-security] If your interested by Danny
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4
5 On Mon, 10 Oct 2005 at 11:33am, Danny wrote:
6
7 > On 10/10/05, Christophe Garault <christophe@×××××××.org> wrote:
8 >> This is exactly what fail2ban do. It's a very nice script written in
9 >> python that can block an IP for an amount of time after several login
10 >> attempts. It can monitor ssh and apache. Look at
11 >> http://sourceforge.net/projects/fail2ban or directly emerge it as it is
12 >> allready in Portage. I have it running for a couple of months and I must
13 >> say that I'm very satisfied.
14 >
15 > I don't see it in portage, is it under a different name? I see
16 > denyhosts in portage, but that one doesn't seem to remove older bans
17 > it added to the hosts.deny file. I'm not sure yet if Fail2Ban will do
18 > this but Christophe Garault suggested it does.
19
20 I haven't found fail2ban in the main portage tree, but instead setup a
21 local portage overlay and installed the ebuild from the sourceforge site.
22 I have been using fail2ban for a few months now, and can affirm that it
23 does remove bans after a configurable period of time.
24
25 Instead of using hosts.deny, fail2ban adds and removes rules from an
26 iptables firewall. After some time of doing this work manually, I
27 discovered that there is a limit to the number of individual IP addresses
28 that can be processed in a hosts.deny file that is definitely much lower
29 than the number of allowable rules iptables can handle.
30
31 chris
32
33 - --
34 Chris Shelton
35 - -
36
37 -----BEGIN PGP SIGNATURE-----
38 Version: GnuPG v1.4.1 (GNU/Linux)
39
40 iD8DBQFDSsCdM5TknMKatUwRAhmeAKCRMecCGLBlNe6s5YxLmA1E/ZDFoACcCpM8
41 JMaKyHsU0eyyiPXpho2v0LE=
42 =oCy/
43 -----END PGP SIGNATURE-----
44 --
45 gentoo-security@g.o mailing list