[GRLUG] IP Blocking

Greg Folkert greg at gregfolkert.net
Fri Feb 22 18:49:16 EST 2008


On Fri, 2008-02-22 at 12:11 -0500, Dennis Kaminski wrote:
> Doug,
> 
> What was he name if the "automatic IP blocking" process you mentioned
> last night. I guess I should have been taking notes.
> 
> I'm currently using my own python program that reads /var/log/secure
> looking for failed login attempts and selected user names that hackers
> frequently use.

Bleah... others are suggesting denyhosts. While its a good product it is
unwieldy.

I have had it on machines I inherited. I was getting emails at all
times, it wasn't well configured, caused problems.

I use fail2ban

http://packages.debian.org/source/sid/fail2ban

Sure its a Debian package, but its much less problematic and it is
portable. Grab the source and look at the README.

-- 
greg at gregfolkert.net
PGP key 1024D/B524687C 2003-08-05
Fingerprint: E1D3 E3D7 5850 957E FED0  2B3A ED66 6971 B524 687C
Alternate Fingerprint: 09F9 1102 9D74  E35B D841 56C5 6356 88C0
Alternate Fingerprint: 455F E104 22CA  29C4 933F 9505 2B79 2AB2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://shinobu.grlug.org/pipermail/grlug/attachments/20080222/290890e4/attachment.pgp 


More information about the grlug mailing list