My 2 cents,
http://configserver.com/cp/csf.html
I've been running it for a couple of years, and it is great for doing the things fail2ban
does, but much, much more. You can even process custom logfiles with this,
through a simple regex rule. For example:

# process vpopmail log for login failures and block port 110 & 143 for 900
# seconds after 10 failures on the same user login within 300 seconds.
if (($lgfile eq $config{CUSTOM1_LOG}) and
    ($line =~ /^\S+\s+\d+\s+\d+:\d+:\d+\s+\S+\s\S+\s+\S+ vpopmail user not found \S+?@:(\d+\.\d+\.\d+\.\d+)/)) {
    return ("Failed vpopmail login from",$1,"vpopmail","10","110,143","900");
}

# process assp log for blacklisted domains and block complete IP.
if (($lgfile eq $config{CUSTOM2_LOG}) and
    ($line =~ /\[BlackDomain\] (\d+\.\d+\.\d+\.\d+)/)) {
    return ("Too many SPAM entries BLACKLISTED",$1,"asspblackdomain","1","","0");
}

# process assp log for user unknown messages and block IP after 3 failures on
# the same user unknown message within 300 seconds.
if (($lgfile eq $config{CUSTOM2_LOG}) and
    ($line =~ /^\S.* (\d+\.\d+\.\d+\.\d+) \S.* User unknown: (\S+)/)) {
    return ("User unknown too much ($2)",$1,"asspuserunknown","3","","0");
}

csf is of course iptables based, so only unix here ;) It consists of 2
processes: csf, the actual firewall, configurable through a simple config file
(with test mode in case you break things and lock yourself out) & lfd, which
does the actual blocking when rules are being trespassed.
CSF = cluster aware, so you can install it on every linux server you have
running and share config, or send new blocks to your complete cluster. Great
stuff and being actively developed.
Best regards,
Pascal
On 1 Jun 2011, at 21:28, Trevor Jacques wrote:
>
>
>> What is "fail2ban" ?
>
> http://Google.com/search?q=fail2ban
>
> http://en.wikipedia.org/wiki/Fail2ban
>
> ;-)
>
> T.
>
> ------------------------------------------------------------------------------
> Simplify data backup and recovery for your virtual environment with vRanger.
> Installation's a snap, and flexible recovery options mean your data is safe,
> secure and there when you need it. Data protection magic?
> Nope - It's vRanger. Get your free trial download today.
> http://p.sf.net/sfu/quest-sfdev2dev
> _______________________________________________
> Assp-test mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/assp-test
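
A way to dry-run rules shaped like the two ASSP ones in the message against sample lines before lfd acts on them, as an added example (not part of the original message and not csf's own code). The log lines are constructed rather than real ASSP output, the `%config` path is a placeholder, and `valid_ipv4` is a hypothetical helper that catches captures such as 999.300.1.1, which `\d+` alone accepts.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in for lfd's %config; the path is a placeholder.
my %config = (CUSTOM2_LOG => '/path/to/assp/maillog.txt');

# Same shape as the rules in the message: returns
# (message, IP, app id, trigger count, ports, block seconds), or 0 on no match.
sub custom_line {
    my ($line, $lgfile) = @_;
    if ($lgfile eq $config{CUSTOM2_LOG} and $line =~ /\[BlackDomain\] (\d+\.\d+\.\d+\.\d+)/) {
        return ("Too many SPAM entries BLACKLISTED", $1, "asspblackdomain", "1", "", "0");
    }
    if ($lgfile eq $config{CUSTOM2_LOG} and $line =~ /^\S.* (\d+\.\d+\.\d+\.\d+) \S.* User unknown: (\S+)/) {
        return ("User unknown too much ($2)", $1, "asspuserunknown", "3", "", "0");
    }
    return 0;
}

# Reject captures that look like an address but are not one (octet > 255).
sub valid_ipv4 {
    my ($ip) = @_;
    my @octets = split /\./, $ip;
    return 0 unless @octets == 4;
    for (@octets) { return 0 if !/^\d{1,3}$/ or $_ > 255 }
    return 1;
}

# Constructed sample lines; single quotes keep '@' literal in Perl.
# Second element is the app id expected to trigger, or undef for "no block".
my @cases = (
    ['Jun-01-11 21:30:02 [Worker_1] 192.0.2.45 <a@example.org> to: nobody@example.net User unknown: nobody@example.net', 'asspuserunknown'],
    ['Jun-01-11 21:31:10 [Worker_2] [BlackDomain] 198.51.100.7 <x@spam.example> blocked', 'asspblackdomain'],
    ['Jun-01-11 21:32:00 [Worker_1] 203.0.113.9 <b@example.org> message ok', undef],
    ['Jun-01-11 21:33:00 [Worker_2] [BlackDomain] 999.300.1.1 junk', undef],
);

my $failed = 0;
for my $case (@cases) {
    my ($line, $want) = @$case;
    my @r   = custom_line($line, $config{CUSTOM2_LOG});
    my $got = (@r == 6 && valid_ipv4($r[1])) ? $r[2] : undef;
    my $ok  = (defined $got ? $got : '') eq (defined $want ? $want : '');
    $failed++ unless $ok;
    printf "%s  %-28s %s\n", ($ok ? 'PASS' : 'FAIL'),
        (defined $got ? "$got $r[1]" : 'no block'), substr($line, 0, 45);
}
exit($failed ? 1 : 0);
```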