Introducing fail2ban, and first steps towards sharing attacker’s IP
by Arturo ‘Buanzo’ Busleiman

Fail2ban is a lovely Python-based tool written by Cyril Jaquier that monitors different log files for lines matching regular expressions. From those lines it extracts the attacker’s IP address and runs a command, passing that address as a parameter. In simpler terms, it [...]
In Ubuntu 10.04, rsyslogd is used. That means that, by default, it compresses repeated syslog messages like this:

Failed password for root from 18.104.22.168 port 22 ssh2
last message repeated 5 times

So, fail2ban’s count would be ‘1’ for the attack coming from that IP, even though six attempts were made. The fix:

sudo sed -i 's/RepeatedMsgReduction\ on/RepeatedMsgReduction\ off/' /etc/rsyslog.conf
sudo [...]
Cyril Jaquier, fail2ban’s author, has given me write access to fail2ban’s Subversion repository. I’m very happy!
So, if you don’t know what fail2ban is, then you should visit their site first. In short, it’s a simple tool for Unix-based systems that monitors log files while applying regular expression rules searching for a match. When a match is found, the IP or host mentioned in the match gets blocked at [...]