At 09:00 PM 11/10/2020, Kenneth Porter wrote:
--On Tuesday, November 10, 2020 9:48 AM -0500 Robert Kudyba
<rkud...@fordham.edu> wrote:
Here's another useful resource: https://iptoasn.com/
Any idea how to download the list and update /etc/hosts on a regular
basis?
I don't, but haven't messed with it much. I haven't tried the API.
When stuff like that doesn't work, I take Obi-wan's advice: Use the
source, Luke! :D There's a link at the bottom of the page to the web
service source code on GitHub.
Instead of /etc/hosts, I'd load the values into an ipset, probably
using firewalld's commands to make them persistent and to reference
them in a "direct" iptables rule.
This is exactly what login-shield does.
https://github.com/dpsystems/login-shield
It's a curated blacklist of large IP blocks representing the areas
where the lion's share of attacks and system probes are coming from
(China, Russia, Brazil, etc.) that uses ipset, as well as IP space of
known proxies and other dubious sources. It works amazingly
well. Here's a report on the last 10 days of activity on my server:
============= Login-Shield Statistics based on current log files ===========
Using: /var/log/messages and /var/log/secure
Start: Nov 1 05:00:41
End : Nov 11 07:09:15
============================================================================
Total system attacks: 3733
Blocked attempts : 3724
Attacks got through : 9 (login failures)
---------------------------------
% Of Attacks Blocked: 99.7589%
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
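
An added example, not part of the thread or of login-shield: one way to turn an iptoasn-style dump into `ipset restore` input for a periodic refresh. It assumes the tab-separated columns range_start, range_end, AS_number, country_code, AS_description; the set name `asn-block` and the sample rows (documentation addresses, private-use ASNs) are constructed, and it uses plain `ipset restore` rather than firewalld's commands.

```python
import ipaddress

# Constructed sample in the tab-separated layout assumed for the iptoasn IPv4 dump:
# range_start, range_end, AS_number, country_code, AS_description
SAMPLE_TSV = (
    "192.0.2.0\t192.0.2.255\t64500\tZZ\tEXAMPLE-NET-A\n"
    "198.51.100.0\t198.51.100.127\t64501\tYY\tEXAMPLE-NET-B\n"
    "198.51.100.128\t198.51.100.255\t64500\tZZ\tEXAMPLE-NET-A\n"
    "203.0.113.5\t203.0.113.20\t64502\tZZ\tEXAMPLE-NET-C\n"
    "garbage line without tabs\n"
)

def ranges_to_networks(tsv_text, countries=(), asns=()):
    """Return collapsed CIDR networks for rows matching a country code or ASN."""
    countries = {c.upper() for c in countries}
    asns = {int(a) for a in asns}
    nets = []
    for line in tsv_text.splitlines():
        fields = line.split("\t")
        if len(fields) < 4:
            continue  # skip malformed rows rather than abort the whole refresh
        start, end, asn, cc = fields[:4]
        try:
            if not (cc.upper() in countries or int(asn) in asns):
                continue
            first = ipaddress.IPv4Address(start)
            last = ipaddress.IPv4Address(end)
            # The dump lists start-end ranges; hash:net sets want CIDR blocks.
            nets.extend(ipaddress.summarize_address_range(first, last))
        except (ValueError, TypeError):
            continue  # bad address, bad ASN, or start > end
    # Merge adjacent and overlapping blocks to keep the set small.
    return list(ipaddress.collapse_addresses(nets))

def ipset_restore_script(set_name, networks):
    """Build `ipset restore` input that fills a temporary set and swaps it in."""
    tmp = set_name + "-new"
    lines = [
        f"create {set_name} hash:net family inet -exist",
        f"create {tmp} hash:net family inet -exist",
        f"flush {tmp}",
    ]
    lines += [f"add {tmp} {net}" for net in networks]
    # swap is atomic, so rules referencing the set never see it half-filled
    lines += [f"swap {tmp} {set_name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    nets = ranges_to_networks(SAMPLE_TSV, countries=["ZZ"], asns=[64501])
    print(ipset_restore_script("asn-block", nets), end="")
```

The printed text can be piped to `ipset restore` from a cron job or systemd timer; the firewall rule that references the set only needs to be created once.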