-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Mon, 10 Oct 2005 at 11:33am, Danny wrote:

> On 10/10/05, Christophe Garault <christophe@...> wrote:
>> This is exactly what fail2ban do. It's a very nice script written in
>> python that can block an IP for an amount of time after several login
>> attempts. It can monitor ssh and apache. Look at
>> http://sourceforge.net/projects/fail2ban or directly emerge it as it is
>> allready in Portage. I have it running for a couple of months and I must
>> say that I'm very satisfied.
>
> I don't see it in portage, is it under a different name?  I see
> denyhosts in portage, but that one doesn't seem to remove older bans
> it added to the hosts.deny file.  I'm not sure yet if Fail2Ban will do
> this but Christophe Garault suggested it does.

I haven't found fail2ban in the main portage tree, but instead setup a 
local portage overlay and installed the ebuild from the sourceforge site. 
I have been using fail2ban for a few months now, and can affirm that it 
does remove bans after a configurable period of time.

Instead of using hosts.deny, fail2ban adds and removes rules from an 
iptables firewall.  After some time of doing this work manually, I 
discovered that there is a limit to the number of individual IP addresses 
that can be processed in a hosts.deny file that is definitely much lower 
than the number of allowable rules iptables can handle.

chris

- -- 
Chris Shelton
- -

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDSsCdM5TknMKatUwRAhmeAKCRMecCGLBlNe6s5YxLmA1E/ZDFoACcCpM8
JMaKyHsU0eyyiPXpho2v0LE=
=oCy/
-----END PGP SIGNATURE-----
-- 
gentoo-security@g.o mailing list