List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
-----BEGIN PGP SIGNED MESSAGE-----
On Mon, 10 Oct 2005 at 11:33am, Danny wrote:
> On 10/10/05, Christophe Garault <christophe@...> wrote:
>> This is exactly what fail2ban do. It's a very nice script written in
>> python that can block an IP for an amount of time after several login
>> attempts. It can monitor ssh and apache. Look at
>> http://sourceforge.net/projects/fail2ban or directly emerge it as it is
>> allready in Portage. I have it running for a couple of months and I must
>> say that I'm very satisfied.
> I don't see it in portage, is it under a different name? I see
> denyhosts in portage, but that one doesn't seem to remove older bans
> it added to the hosts.deny file. I'm not sure yet if Fail2Ban will do
> this but Christophe Garault suggested it does.
I haven't found fail2ban in the main portage tree, but instead setup a
local portage overlay and installed the ebuild from the sourceforge site.
I have been using fail2ban for a few months now, and can affirm that it
does remove bans after a configurable period of time.
Instead of using hosts.deny, fail2ban adds and removes rules from an
iptables firewall. After some time of doing this work manually, I
discovered that there is a limit to the number of individual IP addresses
that can be processed in a hosts.deny file that is definitely much lower
than the number of allowable rules iptables can handle.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
-----END PGP SIGNATURE-----
email@example.com mailing list