[GRLUG] IP Blocking
Greg Folkert
greg at gregfolkert.net
Fri Feb 22 18:49:16 EST 2008
On Fri, 2008-02-22 at 12:11 -0500, Dennis Kaminski wrote:
> Doug,
>
> What was he name if the "automatic IP blocking" process you mentioned
> last night. I guess I should have been taking notes.
>
> I'm currently using my own python program that reads /var/log/secure
> looking for failed login attempts and selected user names that hackers
> frequently use.
Bleah... others are suggesting denyhosts. While its a good product it is
unwieldy.
I have had it on machines I inherited. I was getting emails at all
times, it wasn't well configured, caused problems.
I use fail2ban
http://packages.debian.org/source/sid/fail2ban
Sure its a Debian package, but its much less problematic and it is
portable. Grab the source and look at the README.
--
greg at gregfolkert.net
PGP key 1024D/B524687C 2003-08-05
Fingerprint: E1D3 E3D7 5850 957E FED0 2B3A ED66 6971 B524 687C
Alternate Fingerprint: 09F9 1102 9D74 E35B D841 56C5 6356 88C0
Alternate Fingerprint: 455F E104 22CA 29C4 933F 9505 2B79 2AB2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://shinobu.grlug.org/pipermail/grlug/attachments/20080222/290890e4/attachment.pgp
More information about the grlug
mailing list