On Mon, 10 Oct 2005 at 11:33am, Danny wrote:

> On 10/10/05, Christophe Garault <[EMAIL PROTECTED]> wrote:
>> This is exactly what fail2ban does. It's a very nice script written in
>> python that can block an IP for an amount of time after several login
>> attempts. It can monitor ssh and apache. Look at
>> http://sourceforge.net/projects/fail2ban or directly emerge it as it is
>> already in Portage. I have had it running for a couple of months and I must
>> say that I'm very satisfied.
>
> I don't see it in portage, is it under a different name?  I see
> denyhosts in portage, but that one doesn't seem to remove older bans
> it added to the hosts.deny file.  I'm not sure yet if Fail2Ban will do
> this but Christophe Garault suggested it does.

I haven't found fail2ban in the main portage tree, but instead set up a local portage overlay and installed the ebuild from the sourceforge site. I have been using fail2ban for a few months now, and can affirm that it does remove bans after a configurable period of time.

Instead of using hosts.deny, fail2ban adds and removes rules from an iptables firewall. After some time of doing this work manually, I discovered that there is a limit to the number of individual IP addresses that can be processed in a hosts.deny file that is definitely much lower than the number of allowable rules iptables can handle.

chris

-- Chris Shelton
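The ban-then-expire behaviour discussed in this thread, as an added example that is not part of the original messages and is not fail2ban's own code: it replays constructed sshd log lines and returns the iptables rule insertions and deletions such a policy would issue. The log-line regex, the `maxretry`/`findtime`/`bantime` parameter names and defaults, and the INPUT-chain DROP rule are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines using documentation-range addresses.
SAMPLE_LOG = """\
Oct 10 11:00:01 host sshd[101]: Failed password for root from 203.0.113.7 port 4001 ssh2
Oct 10 11:00:05 host sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 4002 ssh2
Oct 10 11:00:09 host sshd[103]: Failed password for root from 203.0.113.7 port 4003 ssh2
Oct 10 11:00:30 host sshd[104]: Failed password for bob from 198.51.100.4 port 5001 ssh2
Oct 10 11:02:00 host sshd[105]: Accepted password for bob from 198.51.100.4 port 5002 ssh2
Oct 10 11:20:00 host sshd[106]: Failed password for root from 192.0.2.9 port 6001 ssh2
"""
# Group 1: timestamp of any sshd line. Group 2: source address, failures only.
# The failure part is anchored to end of line so only sshd's trailing
# address field is captured.
LINE = re.compile(r"^(\w{3} +\d+ [\d:]+) \S+ sshd\[\d+\]: "
                  r"(?:Failed password for .* from (\d+\.\d+\.\d+\.\d+) port \d+ ssh2$)?")

def simulate(log, maxretry=3, findtime=600, bantime=600, year=2005):
    """Replay a log; return (iptables commands in order, addresses still banned).

    Parameter names and defaults are assumptions of this example (seconds).
    """
    failures = defaultdict(deque)  # ip -> timestamps of failures inside findtime
    banned = {}                    # ip -> datetime at which the ban is lifted
    actions = []
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        now = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        # Lift expired bans first (the timed removal discussed in the thread).
        for ip in [i for i, until in banned.items() if until <= now]:
            del banned[ip]
            actions.append(f"iptables -D INPUT -s {ip} -j DROP")
        ip = m.group(2)
        if ip is None or ip in banned:
            continue
        seen = failures[ip]
        seen.append(now)
        while (now - seen[0]).total_seconds() > findtime:
            seen.popleft()  # forget failures older than the counting window
        if len(seen) >= maxretry:
            banned[ip] = now + timedelta(seconds=bantime)
            actions.append(f"iptables -I INPUT -s {ip} -j DROP")
            seen.clear()
    return actions, banned

if __name__ == "__main__":
    for cmd in simulate(SAMPLE_LOG)[0]:
        print(cmd)
```

The commands are returned as strings rather than executed, so the replay can be run against a copy of a real auth log to see which bans and removals a given threshold would have produced.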