-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 10 Oct 2005 at 11:33am, Danny wrote:

> On 10/10/05, Christophe Garault <christophe@×××××××.org> wrote:
>> This is exactly what fail2ban does. It's a very nice script written in
>> python that can block an IP for an amount of time after several login
>> attempts. It can monitor ssh and apache. Look at
>> http://sourceforge.net/projects/fail2ban or directly emerge it as it is
>> already in Portage. I have it running for a couple of months and I must
>> say that I'm very satisfied.
>
> I don't see it in portage, is it under a different name? I see
> denyhosts in portage, but that one doesn't seem to remove older bans
> it added to the hosts.deny file. I'm not sure yet if Fail2Ban will do
> this but Christophe Garault suggested it does.

I haven't found fail2ban in the main portage tree, but instead set up a
local portage overlay and installed the ebuild from the sourceforge site.
I have been using fail2ban for a few months now, and can affirm that it
does remove bans after a configurable period of time.

Instead of using hosts.deny, fail2ban adds and removes rules from an
iptables firewall. After some time of doing this work manually, I
discovered that there is a limit to the number of individual IP addresses
that can be processed in a hosts.deny file that is definitely much lower
than the number of allowable rules iptables can handle.

chris

- --
Chris Shelton
- -

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDSsCdM5TknMKatUwRAhmeAKCRMecCGLBlNe6s5YxLmA1E/ZDFoACcCpM8
JMaKyHsU0eyyiPXpho2v0LE=
=oCy/
-----END PGP SIGNATURE-----
--
gentoo-security@g.o mailing list
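The thread's point is the ban bookkeeping: count failed logins per source address, add a firewall rule once a threshold is crossed, and remove that rule again after a configurable ban time (which is what denyhosts, writing to hosts.deny, was said not to do). The following is an added illustration of that logic and is not fail2ban's own code nor anything posted in the thread. It assumes sshd-style "Failed password" log lines (the sample lines, addresses and timestamps below are constructed), and it only returns the iptables commands it would run as strings, so nothing is executed.

```python
"""Minimal model of the ban/unban bookkeeping described in the thread.

Constructed example, not fail2ban's own code. It scans sshd-style auth
log lines, counts failed logins per source address inside a sliding
window (findtime), emits an iptables DROP rule when a source reaches
maxretry, and emits the matching rule removal once bantime has elapsed.
iptables is never executed here; the commands are returned as strings.
"""
import re
from collections import defaultdict, deque

# Matches e.g. "Failed password for invalid user admin from 203.0.113.5 port 4242 ssh2"
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3})"
)


def parse_failed_login(line):
    """Return the source IP of a failed sshd login line, or None for other lines."""
    m = FAILED_RE.search(line)
    return m.group(1) if m else None


class Jail:
    """Per-source failure counter with timed bans (hypothetical helper)."""

    def __init__(self, maxretry=3, findtime=600, bantime=3600):
        self.maxretry = maxretry      # failures needed to trigger a ban
        self.findtime = findtime      # window (seconds) in which failures are counted
        self.bantime = bantime        # how long (seconds) a ban stays in place
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.bans = {}                       # ip -> time at which the ban expires

    @staticmethod
    def ban_rule(ip):
        return f"iptables -I INPUT -s {ip} -j DROP"

    @staticmethod
    def unban_rule(ip):
        return f"iptables -D INPUT -s {ip} -j DROP"

    def observe(self, line, now):
        """Feed one log line seen at time `now`; return the ban command to run, if any."""
        ip = parse_failed_login(line)
        if ip is None or ip in self.bans:
            return None
        q = self.failures[ip]
        q.append(now)
        # Drop failures that fell out of the findtime window.
        while q and now - q[0] > self.findtime:
            q.popleft()
        if len(q) >= self.maxretry:
            self.bans[ip] = now + self.bantime
            q.clear()
            return self.ban_rule(ip)
        return None

    def expire(self, now):
        """Lift bans whose time has run out; return the rule removals to apply."""
        expired = [ip for ip, until in self.bans.items() if now >= until]
        for ip in expired:
            del self.bans[ip]
        return [self.unban_rule(ip) for ip in expired]


# Constructed sample log lines, paired with their arrival time in seconds.
SAMPLE = [
    (0,   "Oct 10 11:00:00 host sshd[1]: Failed password for root from 203.0.113.5 port 1 ssh2"),
    (5,   "Oct 10 11:00:05 host sshd[2]: Failed password for invalid user admin from 203.0.113.5 port 2 ssh2"),
    (8,   "Oct 10 11:00:08 host sshd[3]: Accepted publickey for chris from 192.0.2.10 port 3 ssh2"),
    (9,   "Oct 10 11:00:09 host sshd[4]: Failed password for root from 203.0.113.5 port 4 ssh2"),
    (700, "Oct 10 11:11:40 host sshd[5]: Failed password for root from 198.51.100.7 port 5 ssh2"),
]


def run_demo(bantime=3600):
    """Replay SAMPLE through a Jail; return the (time, command) actions it would take."""
    jail = Jail(maxretry=3, findtime=600, bantime=bantime)
    actions = []
    for t, line in SAMPLE:
        cmd = jail.observe(line, t)
        if cmd:
            actions.append((t, cmd))
    # A periodic sweep, run here once bantime has passed, lifts the ban again.
    sweep_at = SAMPLE[-1][0] + bantime
    for cmd in jail.expire(sweep_at):
        actions.append((sweep_at, cmd))
    return actions


if __name__ == "__main__":
    for t, cmd in run_demo():
        print(f"t={t:>5}s  {cmd}")
```

Two design points worth noting: a source that is already banned is skipped rather than re-counted, and the rule removal is generated from the same string as the insertion so that the `-D` exactly matches the `-I`; if the two ever drift apart, expired DROP rules silently accumulate in the INPUT chain.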