Chris Shelton
Mon, 10 Oct 2005 12:34:44 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 10 Oct 2005 at 11:33am, Danny wrote:
> On 10/10/05, Christophe Garault <[EMAIL PROTECTED]> wrote:
> > This is exactly what fail2ban does. It's a very nice script written in Python that can block an IP for an amount of time after several login attempts. It can monitor ssh and apache. Look at http://sourceforge.net/projects/fail2ban or directly emerge it as it is already in Portage. I have had it running for a couple of months and I must say that I'm very satisfied.
>
> I don't see it in portage, is it under a different name? I see denyhosts in portage, but that one doesn't seem to remove older bans it added to the hosts.deny file. I'm not sure yet if Fail2Ban will do this but Christophe Garault suggested it does.
I haven't found fail2ban in the main portage tree, but instead set up a local portage overlay and installed the ebuild from the sourceforge site. I have been using fail2ban for a few months now, and can affirm that it does remove bans after a configurable period of time.
Instead of using hosts.deny, fail2ban adds and removes rules from an iptables firewall. After some time of doing this work manually, I discovered that there is a limit to the number of individual IP addresses that can be processed in a hosts.deny file that is definitely much lower than the number of allowable rules iptables can handle.
chris

-- 
Chris Shelton

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDSsCdM5TknMKatUwRAhmeAKCRMecCGLBlNe6s5YxLmA1E/ZDFoACcCpM8
JMaKyHsU0eyyiPXpho2v0LE=
=oCy/
-----END PGP SIGNATURE-----
-- 
gentoo-security@gentoo.org mailing list
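The behaviour discussed in this thread (count failed ssh logins per source address, ban via an iptables rule, and remove the ban again after a configurable time) can be sketched in a few dozen lines. The script below is an added example written for this archive page; it is not fail2ban's own code and not from the original thread. The thresholds (3 failures in 10 minutes, 30-minute ban), the year assumed for the syslog timestamps, the `iptables -I/-D INPUT ... -j DROP` rendering and the sample sshd log lines are all constructed assumptions; the commands are only printed, never executed.

```python
#!/usr/bin/env python3
"""Fail2ban-style ban/unban logic over sshd log lines.

Added example, not fail2ban's own code: thresholds, the sample log and the
iptables rendering below are assumptions chosen for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH password-failure message (the syslog prefix is parsed separately).
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?\S+ from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

MAX_RETRY = 3                      # failures that trigger a ban (assumed)
FIND_TIME = timedelta(minutes=10)  # window in which failures are counted (assumed)
BAN_TIME = timedelta(minutes=30)   # how long a ban lasts before removal (assumed)


def parse_syslog_time(line, year=2005):
    """Syslog timestamps carry no year; the year is an assumption (2005 here)."""
    return datetime.strptime(line[:15], "%b %d %H:%M:%S").replace(year=year)


class BanTracker:
    """Counts failures per source IP inside a sliding window and expires bans."""

    def __init__(self, max_retry=MAX_RETRY, find_time=FIND_TIME, ban_time=BAN_TIME):
        self.max_retry = max_retry
        self.find_time = find_time
        self.ban_time = ban_time
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.banned = {}                    # ip -> time at which the ban expires
        self.actions = []                   # (timestamp, "ban" | "unban", ip)

    def expire(self, now):
        """Remove bans whose time is up (the part a static hosts.deny never does)."""
        for ip, until in list(self.banned.items()):
            if now >= until:
                del self.banned[ip]
                self.actions.append((now, "unban", ip))

    def observe(self, line):
        """Feed one log line; returns the IP if this line caused a ban."""
        now = parse_syslog_time(line)
        self.expire(now)
        m = FAILED_RE.search(line)
        if not m:
            return None
        ip = m.group("ip")
        if ip in self.banned:
            return None  # firewall already drops it; nothing more to do
        recent = self.failures[ip]
        recent.append(now)
        while recent and now - recent[0] > self.find_time:
            recent.popleft()  # forget failures older than the window
        if len(recent) >= self.max_retry:
            self.banned[ip] = now + self.ban_time
            self.actions.append((now, "ban", ip))
            recent.clear()
            return ip
        return None


def iptables_command(action, ip, chain="INPUT"):
    """Render the firewall change as a command string (illustrative; not executed)."""
    flag = "-I" if action == "ban" else "-D"
    return f"iptables {flag} {chain} -s {ip} -j DROP"


def run(log_text):
    """Replay a log and return the ban/unban actions in order."""
    tracker = BanTracker()
    for line in log_text.splitlines():
        if line.strip():
            tracker.observe(line)
    return tracker.actions


# Constructed sample log (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
Oct 10 12:00:01 gw sshd[2101]: Failed password for root from 203.0.113.7 port 41022 ssh2
Oct 10 12:00:04 gw sshd[2101]: Failed password for root from 203.0.113.7 port 41022 ssh2
Oct 10 12:00:05 gw sshd[2104]: Accepted publickey for chris from 198.51.100.20 port 50112 ssh2
Oct 10 12:00:08 gw sshd[2107]: Failed password for invalid user admin from 203.0.113.7 port 41030 ssh2
Oct 10 12:25:00 gw sshd[2210]: Failed password for root from 198.51.100.9 port 50001 ssh2
Oct 10 12:40:00 gw sshd[2300]: Failed password for root from 198.51.100.9 port 50002 ssh2
Oct 10 12:45:00 gw sshd[2301]: Failed password for root from 198.51.100.9 port 50003 ssh2
"""

if __name__ == "__main__":
    for when, action, ip in run(SAMPLE_LOG):
        print(when.strftime("%H:%M:%S"), action, ip, "->", iptables_command(action, ip))
```

On the sample log, 203.0.113.7 reaches three failures inside the window at 12:00:08 and is banned, then released when the 12:40:00 line is processed, while 198.51.100.9 never accumulates three failures inside any 10-minute window and is left alone. Two design points differ from a real daemon: bans here expire lazily, only when the next log line arrives, whereas fail2ban runs a timer so a quiet log still unbans on schedule; and a production setup should also keep an ignore list so a mistyped password from an admin's own address cannot lock out the firewall's operator.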