This is probably old news for some, but....

I came across reference to "fail2ban" (http://www.fail2ban.org/). This
script package will monitor your logs for failed authentication attempts
and modify the firewall rules to ban the offending IP addresses.

On an APT based system (Debian, Ubuntu, etc.), you can likely get away
with "apt-get install fail2ban". There are instructions in the manual
for doing manual installs, and installs on Fedora and Gentoo.

Out of the box it handles SSH, HTTP/S, FTP, mail, and more. So, one
tool and the more common access methods of your server are protected
(using a very loose definition of protected here).

I dug a little deeper to see if I could tweak the settings, and found
the defaults to be rather sane. It appears to wait for 6 consecutive
failed attempts before blocking the IP. But this is configurable. Full
details are in the manual (http://www.fail2ban.org/wiki/index.php/Manual).

Just thought I'd share. The timing of finding this was convenient for
me as I wanted to apply something like this to my server before going to
DefCon - where I'll be accessing my server from a hostile network...

Shawn
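
The kind of check described above (count failed logins per source address, flag the address once a threshold is reached), as an added example that is not part of the original post and is not fail2ban's own code. It assumes OpenSSH-style "Failed password" log lines and uses the threshold of 6 mentioned in the post; the 10-minute window, the `find_bans` name and the sample log are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Failure line as written by OpenSSH's sshd to the auth log (assumed format).
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) port \d+"
)

def find_bans(lines, max_failures=6, window=timedelta(minutes=10), year=2024):
    """Return source IPs, in order, that reach max_failures within window.

    Hypothetical helper: it only reports addresses; a real deployment would
    hand each one to the firewall, which is the part fail2ban automates.
    """
    recent = defaultdict(deque)      # ip -> timestamps of recent failures
    banned = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue                 # successful logins and other lines
        ip = m.group(2)
        if ip in banned:
            continue
        # Syslog timestamps carry no year, so one is supplied (assumption).
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window: # forget failures older than the window
            hits.popleft()
        if len(hits) >= max_failures:
            banned.append(ip)
    return banned

# Constructed sample log using documentation-range addresses, not real data.
SAMPLE = [f"Jul 28 10:00:{s:02d} host sshd[4242]: Failed password for root "
          f"from 203.0.113.7 port 50000 ssh2" for s in range(0, 12, 2)]
SAMPLE += [
    "Jul 28 10:01:00 host sshd[4243]: Failed password for invalid user admin "
    "from 198.51.100.20 port 50001 ssh2",
    "Jul 28 10:01:05 host sshd[4244]: Accepted password for alice "
    "from 198.51.100.20 port 50002 ssh2",
]
SAMPLE += [f"Jul 28 {h:02d}:30:00 host sshd[4245]: Failed password for root "
           f"from 192.0.2.50 port 50003 ssh2" for h in range(11, 17)]

if __name__ == "__main__":
    print(find_bans(SAMPLE))
```

In the sample, the address with six failures in ten seconds is flagged, while the one with six failures spread an hour apart is not, which shows why the counting window matters as much as the threshold.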