Douglas Muth on 22 Mar 2009 16:20:51 -0700



[PLUG] Fail2ban (was: Re: 'logcheck')


On Sun, Mar 22, 2009 at 4:17 PM, JP Vossen <jp@jpsdomain.org> wrote:
> I have said this before but I am a huge fan of the Debian/Ubuntu
> implementation of logcheck.  I am also not aware of any other major
> distro that makes using logcheck so "built-in" and easy.
>
> If you run any kind of Debian/Ubuntu server, you really need to be using
> this.  As soon as something bad or new happens, you get an email.  It's
> like magic.

Speaking of "must have" packages for servers, I'm a big fan of fail2ban, myself:

fail2ban - bans IPs that cause multiple authentication errors

By default, installing fail2ban via apt-get will also include a
configuration that drops traffic from a remote host after 6 failed SSH
attempts.  This was a godsend when some host from China kept trying to
log into one of my machines every 10 seconds.  The installation
process started the daemon, and 6 login attempts later, all traffic
from that host was dropped via iptables.

-- Doug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
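
The threshold behaviour described in the message above can be sketched as follows. This is an added example, not part of the original post and not fail2ban's own code. The 600-second counting window, the regular expression, the `find_bans` name and the sample log lines (documentation addresses) are assumptions made for illustration; ban expiry and the iptables rule itself are not modelled.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY = 6                       # threshold quoted in the message
FINDTIME = timedelta(seconds=600)  # assumed counting window

# sshd failure line in syslog format. The greedy ".*" plus the "$" anchor
# make the match take the trailing address that sshd itself wrote, not
# text appearing inside the user-name field.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def find_bans(lines, year=2009):
    """Return [(ip, ban_time)] for hosts with MAXRETRY failures inside FINDTIME."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    banned = {}                   # ip -> time the threshold was reached
    for line in lines:
        m = FAILED.match(line.rstrip())
        if not m or m["ip"] in banned:
            continue
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > FINDTIME:   # drop failures older than the window
            q.popleft()
        if len(q) >= MAXRETRY:
            banned[m["ip"]] = ts
    return list(banned.items())

# Constructed sample: one host failing every 10 seconds, one with two typos.
SAMPLE = [
    f"Mar 22 16:00:{i * 10:02d} host sshd[1234]: Failed password for root "
    f"from 203.0.113.7 port 4000{i} ssh2" for i in range(6)
] + [
    "Mar 22 16:01:05 host sshd[1240]: Failed password for invalid user bob from 198.51.100.9 port 51000 ssh2",
    "Mar 22 16:01:09 host sshd[1241]: Failed password for bob from 198.51.100.9 port 51002 ssh2",
    "Mar 22 16:01:20 host sshd[1242]: Accepted password for bob from 198.51.100.9 port 51004 ssh2",
]

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE):
        print(f"{when} ban {ip}")
```

On the constructed sample only the host that fails six times in a row reaches the threshold; the user who mistypes twice and then logs in is left alone.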