Re: [PLUG] Fail2ban (was: Re: 'logcheck')

bergman on 22 Mar 2009 17:19:33 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Fail2ban (was: Re: 'logcheck')

From: bergman@merctech.com

To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>

Subject: Re: [PLUG] Fail2ban (was: Re: 'logcheck')

Date: Sun, 22 Mar 2009 20:19:27 -0400

Reply-to: bergman@merctech.com, Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Sender: plug-bounces@lists.phillylinux.org

In the message dated: Sun, 22 Mar 2009 19:20:46 EDT, The pithy ruminations from Douglas Muth on <[PLUG] Fail2ban (was: Re: 'logcheck')> were: => On Sun, Mar 22, 2009 at 4:17 PM, JP Vossen <jp@jpsdomain.org> wrote: => > I have said this before but I am a huge fan of the Debian/Ubuntu => > implementation of logcheck. =A0I am also not aware of any other major => > distro that makes using logcheck so "built-in" and easy. => > => > If you run any kind of Debian/Ubuntu server, you really need to be using => > this. =A0As soon as something bad or new happens, you get an email. =A0It= => 's => > like magic. => => Speaking of "must have" packages for servers, I'm a big fan of fail2ban, my= => self: => => fail2ban - bans IPs that cause multiple authentication errors Yep! => => By default, installing fail2ban via apt-get will also include a => configuration that drops traffic from a remote host after 6 failed SSH => attempts. This was a godsend when some host from China kept trying to => log into one of my machines every 10 seconds. The installation Ha! Less than 3 minutes before reading your post, I was examining the fail2ban report mail about unsuccessful login attempts...from over 25 different Chinese hosts today. => process started the daemon, and 6 login attempts later, all traffic => from that host was dropped via iptables. Six login attempts? You're very generous. I ban hosts after 3 attempts. I also changed the banned period from the default to one hour. Mark => => -- Doug => ___________________________________________________________________________ => Philadelphia Linux Users Group -- http://www.phillylinux.org => Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce => General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug => ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:

Re: [PLUG] Fail2ban (was: Re: 'logcheck')
From: Douglas Muth <doug.muth@gmail.com>

Re: [PLUG] Fail2ban (was: Re: 'logcheck')
From: jeff <jeffv@op.net>

References:

[PLUG] Fail2ban (was: Re: 'logcheck')
From: Douglas Muth <doug.muth@gmail.com>

Prev by Date: [PLUG] Fail2ban (was: Re: 'logcheck')

Next by Date: Re: [PLUG] OT:Linux-compatible personal audio players?

Previous by thread: [PLUG] Fail2ban (was: Re: 'logcheck')

Next by thread: Re: [PLUG] Fail2ban (was: Re: 'logcheck')

Index(es):

Date

Thread