Hi,
Le 01/06/2017 à 09:46, Tom Hendrikx a écrit :
The recidive jail does this , to some extent. Maybe it's already enough
for what you need?
On 01-06-17 07:34, Philip Warner wrote:
I've set up a ban that runs for B time after F fails in T minutes.
After each IP is un-banned, what I would like to do is, say, decrement F
(or even halve it) for each IP that was previously banned in a given
window. Or double B. Or both.
For example:
- specific IP banned for 1 hour as a result of 10 fails in 30 min.
- then un-banned after 1 hour
I would like something along the lines of:
- for the next 4 hours will be banned again for one hour for *FIVE*
fails in 30 min.
or
- for the next 4 hours will be banned again for *TWO* hours for *FIVE*
fails in 30 min.
etc
Is this easy/possible?
I would not say it is easy. It is however possible. But to achieve your
goal, you will have to steal the control from Fail2Ban.
To achieve what you describe, you will have to maintain your own state,
thus leaving to Fail2Ban only the role of pattern matching and routing.
To get a feeling of what can be done, and how to do this, you can see an
example here:
http://yalis.fr/cms/index.php/post/2014/11/02/Migrate-from-DenyHosts-to-Fail2ban
Cheers,
Y.
I imagine there would be a global 'horizon' setting, and each IP would
have some kind of "ban severity level" incremented each time it gets
banned again within the horizon, and decremented each time the horizon
passes without a ban.
The ban duration would/could be affected by the "ban severity level" and
the ban threshold could be similarly affected.
Does this sound useful?
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
