On Thu, Feb 28, 2008 at 11:13:10AM +0000, Penguin Lover Steve squawked:
> Thanks for all your suggestions...
>
> I will look into fail2ban... that might be what I need... While I could
> crank BLOCKING_PERIOD for blacklist.py to an absurdly high value, this
> (AFAIK) will not persist blocks when the server is powered down or rebooted.

Hum, that is interesting. I haven't played with blacklist.py, but if
it runs on top of iptables, the iptables init script *should* save the
current config when powering down. I sort of depended on that when I
cobbled together a perl script 2 years ago to parse the sshd log and
ban sites using iptables.

Also, I would not suggest banning forever. I started with the same
mentality as you and coded as such. I switched quickly to banning for
1 hour when once, due to not noticing the caps-lock light, I banned my
work computer completely... After switching to the 1 hour ban, I did a
small experiment and saved about 2 months worth of logs. Not a single
ip address has been banned more than once (but there were several /24
in Korea, Taiwan, and Mexico that have many ip addresses banned).
Based on this, I don't think it is strictly necessary to ban forever.

Just my 2 cents.

W
--
Santa's helpers are subordinate clauses.
Sortir en Pantoufles: up 447 days, 14:37
--
gentoo-user@l.g.o mailing list
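
The experiment described in the message above, as an added example that is not part of the original post and is not the author's Perl script: it replays sshd failures through a temporary-ban policy, then reports which addresses were banned more than once and how many distinct addresses were banned per /24. The log lines, the threshold of 3 failures, the assumed year and all function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_network

# Matches OpenSSH "Failed password" syslog lines (IPv4 only in this sketch).
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from ([\d.]+) ")

def simulate_bans(lines, year=2008, threshold=3, ban=timedelta(hours=1)):
    """Replay log lines through a temporary-ban policy; return [(ip, ban_start)]."""
    failures, banned_until, bans = defaultdict(int), {}, []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is assumed.
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if banned_until.get(ip, when) > when:
            continue  # ban still active; the firewall would have dropped this
        failures[ip] += 1
        if failures[ip] >= threshold:
            bans.append((ip, when))
            banned_until[ip] = when + ban
            failures[ip] = 0
    return bans

def repeat_offenders(bans):
    """Addresses that were banned again after an earlier ban expired."""
    counts = Counter(ip for ip, _ in bans)
    return sorted(ip for ip, n in counts.items() if n > 1)

def banned_per_slash24(bans):
    """Number of distinct banned addresses in each /24."""
    nets = defaultdict(set)
    for ip, _ in bans:
        nets[str(ip_network(f"{ip}/24", strict=False))].add(ip)
    return {net: len(ips) for net, ips in nets.items()}

def _line(ts, ip, user="root"):  # builds a constructed sample log line
    return f"{ts} host sshd[4242]: Failed password for {user} from {ip} port 40000 ssh2"

SAMPLE = (  # constructed data, documentation address ranges
    [_line(f"Feb 28 11:00:0{i}", "203.0.113.5") for i in range(5)]
    + [_line(f"Feb 28 11:05:0{i}", "203.0.113.9", "invalid user admin") for i in range(3)]
    + [_line(f"Feb 28 12:30:0{i}", "198.51.100.7") for i in range(2)]
    + [_line(f"Feb 28 13:00:0{i}", "203.0.113.5") for i in range(3)]
)
BANS = simulate_bans(SAMPLE)
```

An empty `repeat_offenders` result over a long log window is the observation the message reports; the constructed sample deliberately includes one returning address so the check has something to find.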