Proactive protection enhancements for fail2ban – Part 1
Introducing fail2ban, and first steps towards sharing attacker’s IP. By Arturo ‘Buanzo’ Busleiman. Fail2ban is a lovely Python-based tool written by Cyril Jaquier that monitors different logfiles for lines matching regular expressions. From those lines it extracts the attacker’s IP address, and runs a command passing that as a parameter. In simpler terms, it [...]
FIX: fail2ban does not work in Ubuntu 10.04
In Ubuntu 10.04, rsyslogd is used. That means that, by default, it compresses repeated syslog messages like this:
    Failed password for root from 1.2.3.4 port 22 ssh2
    last message repeated 5 time
So, fail2ban’s count would be ‘1’ for the attack coming from that IP. The fix:
    sudo sed -i 's/RepeatedMsgReduction\ on/RepeatedMsgReduction\ off/' /etc/rsyslog.conf
    sudo [...]
I’m now a fail2ban developer :D
Cyril Jaquier, fail2ban’s author, has given me write access to fail2ban’s subversion repository. I’m very happy!
Fail2ban rules for lighttpd fastcgi alerts
So, if you don’t know what fail2ban is, then you should be visiting their site first. In short, it’s a simple tool for Unix-based systems that monitors log files while applying regular expression rules searching for a match. When a match is found, the IP or host mentioned in the match gets blocked at [...]


