Douglas Muth on 22 Mar 2009 16:20:51 -0700


[PLUG] Fail2ban (was: Re: 'logcheck')

On Sun, Mar 22, 2009 at 4:17 PM, JP Vossen <> wrote:
> I have said this before but I am a huge fan of the Debian/Ubuntu
> implementation of logcheck.  I am also not aware of any other major
> distro that makes using logcheck so "built-in" and easy.
> If you run any kind of Debian/Ubuntu server, you really need to be using
> this.  As soon as something bad or new happens, you get an email.  It's
> like magic.

Speaking of "must have" packages for servers, I'm a big fan of fail2ban, myself:

fail2ban - bans IPs that cause multiple authentication errors

By default, installing fail2ban via apt-get will also include a
configuration that drops traffic from a remote host after 6 failed SSH
attempts.  This was a godsend when some host from China kept trying to
log into one of my machines every 10 seconds.  The installation
process started the daemon, and 6 login attempts later, all traffic
from that host was dropped via iptables.

-- Doug
Philadelphia Linux Users Group
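The ban rule described in the message, sketched as an added example (not part of the original post and not fail2ban's own code): count failed SSH logins per source address and flag the address once it reaches 6 failures. The 600-second counting window, the assumed year, the log line layout and every address and user name in the sample log are assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH password-failure line as it appears in auth.log.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
                    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+")

def find_bans(lines, maxretry=6, findtime=600, year=2009):
    """Return {ip: timestamp of the failure that triggered the ban}.

    maxretry=6 is the threshold from the post; findtime (seconds) and
    year (syslog lines carry none) are assumptions of this example.
    """
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # ip -> timestamps of failures inside the window
    banned = {}
    for line in lines:
        m = FAILED.search(line)
        if not m or m.group(1) in banned:
            continue  # not a failure, or host already dropped
        ip = m.group(1)
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:  # forget failures older than findtime
            hits.popleft()
        if len(hits) >= maxretry:
            banned[ip] = ts
    return banned

def sample_log():
    """Constructed auth.log lines (documentation-range IPs, made-up users)."""
    start = datetime(2009, 3, 22, 16, 0, 0)
    stamp = lambda secs: (start + timedelta(seconds=secs)).strftime("%b %d %H:%M:%S")
    lines = [f"{stamp(10 * i)} host sshd[{4100 + i}]: Failed password for invalid "
             f"user admin from 203.0.113.7 port {40000 + i} ssh2" for i in range(8)]
    # A user mistyping a password every 3 minutes: 6 failures, but never 6 in 600 s.
    lines += [f"{stamp(180 * i)} host sshd[{5100 + i}]: Failed password for "
              f"alice from 198.51.100.20 port {50000 + i} ssh2" for i in range(6)]
    lines.append(f"{stamp(960)} host sshd[5200]: Accepted password for "
                 f"alice from 198.51.100.20 port 50010 ssh2")
    return sorted(lines)  # same day and format, so string order is time order

if __name__ == "__main__":
    for ip, when in find_bans(sample_log()).items():
        print(f"ban {ip} at {when}")
```

The host retrying every 10 seconds is flagged on its sixth failure, while the slow, legitimate-looking failures never accumulate inside the window, which is why the window length matters as much as the retry count when tuning this kind of rule.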