Greetings
We have a large number of nodes (servers) running linux behind PFSense
in transparent mode.
We are recent PFSense converts...
I am thinking it might be nice to see if someone could do the following,
and therefore want to post a $100 bounty on this.
Most of the Linux world uses BFD and/or CSF/LFD to find brute force
issues...
What I would like to do is this.
1. Have the PFSense server query the log files from the servers
running behind the system.
Logs look something like this:
Deny.txt
210.0.211.114 # lfd: 5 (ftpd) login failures from 210.0.211.114 - Sat Sep 20 18:29:29 2008
74.143.21.36 # lfd: 5 (ftpd) login failures from 74.143.21.36 - Sat Sep 20 22:36:19 2008
216.232.70.72 # lfd: 5 (pop3d) login failures from 216.232.70.72 - Sun Sep 21 08:14:16 2008
2. Using Perl or another application, bring in the IPs from the deny
log files and then block them from the entire network by dynamically
adding a ruleset to PFSense.
I would like to see this be able to run from cron, say every 5
minutes or so, on each server.
Another option, now that I think about it, would be to have each log
write to a syslog server, or get copied to one location, and then have
the pfsense system pull from it.
I would like to have this help smaller and larger network systems
however...
Questions?
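As an added example (not the poster's code and not part of pfSense or CSF/LFD), a Python script that parses the lfd deny.txt format quoted above, keeps only validated public addresses, and writes a pf table file that can be loaded with `pfctl -t lfd_block -T replace -f <file>`; the table name lfd_block, the extra sample lines beyond the three in the post, and the 5-failure threshold are my assumptions.

```python
import ipaddress
import re
from collections import namedtuple
from datetime import datetime

# One lfd deny line: "<ip> # lfd: <n> (<service>) login failures from <ip> - <date>"
LFD_LINE = re.compile(
    r"^(?P<ip>\S+)\s+#\s+lfd:\s+(?P<count>\d+)\s+\((?P<service>[^)]+)\)"
    r"\s+login failures from\s+(?P<ip2>\S+)\s+-\s+(?P<when>.+?)\s*$"
)

DenyEntry = namedtuple("DenyEntry", "ip count service when")

# Constructed sample deny.txt: the three lines from the post plus a repeat
# offender, a private (LAN) address and a malformed line to exercise the checks.
SAMPLE_DENY = """\
210.0.211.114 # lfd: 5 (ftpd) login failures from 210.0.211.114 - Sat Sep 20 18:29:29 2008
74.143.21.36 # lfd: 5 (ftpd) login failures from 74.143.21.36 - Sat Sep 20 22:36:19 2008
216.232.70.72 # lfd: 5 (pop3d) login failures from 216.232.70.72 - Sun Sep 21 08:14:16 2008
210.0.211.114 # lfd: 7 (sshd) login failures from 210.0.211.114 - Sun Sep 21 09:01:02 2008
192.168.10.5 # lfd: 5 (sshd) login failures from 192.168.10.5 - Sun Sep 21 09:30:00 2008
garbage line that should be ignored
"""

def parse_deny_log(text):
    """Parse lfd deny lines; skip lines that do not match or whose two IP fields disagree."""
    entries = []
    for line in text.splitlines():
        m = LFD_LINE.match(line)
        if not m or m.group("ip") != m.group("ip2"):
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
            when = datetime.strptime(m.group("when"), "%a %b %d %H:%M:%S %Y")
        except ValueError:
            continue  # bad address or timestamp: never pass it on to the firewall
        entries.append(DenyEntry(ip, int(m.group("count")), m.group("service"), when))
    return entries

def build_blocklist(entries, min_failures=5):
    """Unique public addresses with at least min_failures, sorted. Private ranges are
    dropped so a misbehaving internal node cannot get the LAN itself blocked."""
    ips = {e.ip for e in entries if e.count >= min_failures and e.ip.is_global}
    return [str(ip) for ip in sorted(ips, key=lambda a: (a.version, int(a)))]

def render_pf_table(ips, table="lfd_block"):
    """Text of a pf table file: one address per line, comment header for auditing."""
    header = f"# table <{table}>: {len(ips)} addresses generated from lfd deny logs\n"
    return header + "".join(ip + "\n" for ip in ips)

if __name__ == "__main__":
    print(render_pf_table(build_blocklist(parse_deny_log(SAMPLE_DENY))))
```

Running it from cron on the host that collects the deny files, then loading the result into a pf table (or serving it as a file for a pfSense URL table alias), gives the dynamic block rule the post asks for without hand-editing firewall rules.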