Update 2015/August/16: YOU MIGHT WISH TO CHECK THIS OUT INSTEAD: http://blogs.buanzo.com.ar/2015/08/introducing-fail2ban-zmq-tools-a-fail2ban-clustering-solution-based-on-zeromq.html Introducing fail2ban, and first steps towards sharing attacker's IP by Arturo 'Buanzo' Busleiman Fail2ban is a lovely Python-based tool written by Cyril Jaquier that monitors different logfiles for lines matching regular expressions. From those lines it extracts the attacker's IP address, and runs a […]
In Ubuntu 10.04, rsyslogd is used. That means that, by default, it compresses repeated syslog messages like this:

Failed password for root from 220.127.116.11 port 22 ssh2
last message repeated 5 time

So, fail2ban's count would be '1' for the attack coming from that IP. The fix:

sudo sed -i 's/RepeatedMsgReduction\ on/RepeatedMsgReduction\ off/' /etc/rsyslog.conf
sudo […]
Cyril Jaquier, fail2ban's author, has given me write access to fail2ban's subversion repository. 😀 I'm very happy!
So, if you don't know what fail2ban is, then you should be visiting their site first 🙂 – In short, it's a simple tool for Unix-based systems that monitors log files while applying regular expression rules searching for a match. When a match is found, the IP or host mentioned in the match gets blocked […]