On 04/12/2017 09:37 AM, Robert Kudyba wrote:
> Great idea! Do you know if it would work with/in conjunction with the
> f2b-badips-to-hostsdeny.sh script
> and not overwrite what it writes to in the /etc/hosts.deny file?
According to the documentation at the top of that script, it creates and
maintains its own block in /etc/hosts.deny and doesn't molest any other
blocks in the file, so you should be able to use both my script and
f2b-badips-to-hostsdeny.sh.

However, there is a race condition risk: since my script runs
continuously and adds new IPs to hosts.deny as they are detected, it
could end up trying to update hosts.deny at the same time as the other
script. Both my script and the other one make their changes by creating
a new version of hosts.deny and then renaming it into place, so
hosts.deny will never end up getting corrupted; the worst that could
happen is that an update from one of the two scripts could be lost.

On my server, auto-dnsbl.pl on average updates hosts.deny about twice
per minute, and each update takes a fraction of a second, so the
likelihood of both scripts attempting to update hosts.deny at the same
time is pretty low. Having said that, if you're still worried about it,
then I'd recommend running f2b-badips-to-hostsdeny.sh on the order of
hourly rather than daily, so that if one of its updates is lost you
won't go two whole days without an update.

It's a shame that hosts.deny doesn't allow include files. :-/

  jik
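
The lost-update risk described above disappears if every updater takes the same lock around its read, rewrite and rename. The following is an added example, not code from auto-dnsbl.pl or f2b-badips-to-hostsdeny.sh; the `update_block` function, the `# BEGIN`/`# END` marker format, the `.lock` file path and the sample addresses are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: serialize "build new file, rename into place" updates of a
# hosts.deny-style file so that concurrent writers cannot lose each other's
# changes. Marker format and lock path are assumptions, not either script's own.

# update_block FILE OWNER   (the new block body is read from stdin)
update_block() {
    local file="$1" owner="$2" lock="$1.lock"
    local begin="# BEGIN $owner" end="# END $owner" body tmp
    body=$(cat)                        # collect new entries before locking
    (
        flock -x 9 || exit 1           # exclusive lock: one writer at a time
        # Temp file in the same directory, so mv is an atomic rename.
        tmp=$(mktemp "$file.XXXXXX") || exit 1
        # Re-read the live file under the lock and copy everything except
        # our own block, so the other writer's latest block is preserved.
        [ -f "$file" ] && awk -v b="$begin" -v e="$end" '
            $0 == b { skip = 1; next }
            $0 == e { skip = 0; next }
            !skip' "$file" > "$tmp"
        printf '%s\n%s\n%s\n' "$begin" "$body" "$end" >> "$tmp"
        chmod 644 "$tmp"
        mv -f "$tmp" "$file"           # readers see old or new, never partial
    ) 9>"$lock"
}

# Constructed demo: two writers hit the same file concurrently, 20 times each.
demo() {
    local dir f i
    dir=$(mktemp -d) || return 1
    f="$dir/hosts.deny"
    printf 'ALL: 192.0.2.1\n' > "$f"   # pre-existing entry owned by nobody
    for i in $(seq 1 20); do
        echo "ALL: 198.51.100.$i" | update_block "$f" writer-a
    done &
    for i in $(seq 1 20); do
        echo "ALL: 203.0.113.$i" | update_block "$f" writer-b
    done &
    wait
    cat "$f"                           # both blocks and the old entry survive
    rm -rf "$dir"
}

demo
```

The lock only helps if both updaters use it; a writer that renames its own copy into place without taking the lock can still overwrite a concurrent change.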

_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users