List Archive: gentoo-security
To: gentoo-security@g.o
From: Chris Shelton <cshelton@...>
Subject: Re: If your interested
Date: Mon, 10 Oct 2005 14:27:20 -0500 (EST)

On Mon, 10 Oct 2005 at 11:33am, Danny wrote:

> On 10/10/05, Christophe Garault <christophe@...> wrote:
>> This is exactly what fail2ban does. It's a very nice script written in
>> python that can block an IP for an amount of time after several login
>> attempts. It can monitor ssh and apache. Look at
>> http://sourceforge.net/projects/fail2ban or directly emerge it as it is
>> already in Portage. I have it running for a couple of months and I must
>> say that I'm very satisfied.
>
> I don't see it in portage, is it under a different name?  I see
> denyhosts in portage, but that one doesn't seem to remove older bans
> it added to the hosts.deny file.  I'm not sure yet if Fail2Ban will do
> this but Christophe Garault suggested it does.

I haven't found fail2ban in the main portage tree, but instead set up a
local portage overlay and installed the ebuild from the sourceforge site.
I have been using fail2ban for a few months now, and can affirm that it
does remove bans after a configurable period of time.

Instead of using hosts.deny, fail2ban adds and removes rules from an 
iptables firewall.  After some time of doing this work manually, I 
discovered that there is a limit to the number of individual IP addresses 
that can be processed in a hosts.deny file that is definitely much lower 
than the number of allowable rules iptables can handle.

chris

--
Chris Shelton

-- 
gentoo-security@g.o mailing list
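
The ban-then-expire behaviour discussed in this message, as an added example that is not part of the original post and is not fail2ban's own code. The log format, the thresholds, the function names and the shape of the iptables rule are assumptions made for illustration; the sample log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation-range IPs), not real data.
SAMPLE_LOG = """\
Oct 10 11:00:01 host sshd[101]: Failed password for root from 203.0.113.7 port 4001 ssh2
Oct 10 11:00:05 host sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 4002 ssh2
Oct 10 11:00:09 host sshd[103]: Failed password for root from 198.51.100.9 port 5001 ssh2
Oct 10 11:00:12 host sshd[104]: Failed password for root from 203.0.113.7 port 4003 ssh2
Oct 10 11:20:00 host sshd[105]: Accepted password for chris from 192.0.2.10 port 6001 ssh2
"""

# Assumed syslog-style sshd failure line; captures the timestamp and source IP.
FAILED = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3}) ")

def firewall_actions(log, max_retry=3, find_time=600, ban_time=900, year=2005):
    """Return time-ordered (when, 'ban'|'unban', ip) tuples for a log."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    banned = {}                     # ip -> time at which the ban expires
    actions = []
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned and ts < banned[ip]:
            continue                # still blocked, nothing new to do
        banned.pop(ip, None)        # ban (if any) has expired
        window = failures[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > find_time:
            window.popleft()        # forget failures outside the window
        if len(window) >= max_retry:
            banned[ip] = ts + timedelta(seconds=ban_time)
            actions.append((ts, "ban", ip))
            actions.append((banned[ip], "unban", ip))
            window.clear()
    return sorted(actions)

def as_iptables(actions):
    """Render actions as iptables commands (returned as text, never executed)."""
    flag = {"ban": "-I", "unban": "-D"}
    return [f"iptables {flag[a]} INPUT -s {ip} -j DROP" for _, a, ip in actions]

if __name__ == "__main__":
    print("\n".join(as_iptables(firewall_actions(SAMPLE_LOG))))
```

Every ban is paired with a scheduled removal, which is the property the denyhosts setup in the quoted question lacked.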


Updated Oct 31, 2011

Summary: Archive of the gentoo-security mailing list.
