Steve Litt on 26 Aug 2018 07:58:34 -0700



Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...


On Fri, 24 Aug 2018 18:38:04 -0400
Fred Stluka <fred@bristle.com> wrote:

> Rich,
> 
> > For example,
> > block access to ssh from all of Digital Ocean's blocks.  Same for
> > AWS  
> 
> Please don't encourage people to block all access from AWS servers.
> 
> My servers and those of almost all of my clients are hosted on AWS.
> So is the CIA, and other major parts of the US Govt.  Also, major
> companies like Netflix, Adobe, GE, Kelloggs, BMW, etc.  If you're
> going to ding AWS for having some ignorant, negligent, incompetent
> users, you may as well ding all Windows users, and many Linux
> users also.  What large segment of the world is trustworthy enough
> to allow in?  That's why I prefer fail2ban.  3 strikes and you're out,
> but until then, you're presumed innocent.
> 
> --Fred

You're a good salesman, Fred. I just installed fail2ban. By the way,
anyone with Void Linux, you're going to have to manually create
directory /var/lib/fail2ban in order for fail2ban-server to auto-create
the database. Whoops!

Out of an abundance of caution and because I don't know my way around
fail2ban, I've set my dbpurge to 600 seconds so worst comes to worst
I'm locked out for 10 minutes. It came configured as a day.

So far I have no evidence that fail2ban is banning anything. No
evidence in /var/log/fail2ban.log, even when I tried to su - to root 5
times fast with a wrong password. So I'll need to do some more study.

Thanks for the tip!

SteveT

Steve Litt 
September 2018 featured book: Quit Joblessness: Start Your Own Business
http://www.troubleshooters.com/startbiz
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
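
The "3 strikes and you're out" policy described in the quoted message, as an added example that is not part of the original thread and is not fail2ban's own code: a per-address sliding-window counter run over constructed sshd log lines. The simplified log format, the sample addresses (documentation ranges) and the function name `find_bans` are assumptions; `maxretry`, `findtime` and `bantime` reuse fail2ban's jail option names, with values chosen for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from the thread); timestamp format simplified to ISO 8601.
SAMPLE_LOG = """\
2018-08-26T07:00:00 sshd[801]: Failed password for admin from 198.51.100.20 port 51000 ssh2
2018-08-26T07:00:00 sshd[802]: Failed password for root from 192.0.2.55 port 51001 ssh2
2018-08-26T07:00:01 sshd[803]: Failed password for root from 203.0.113.7 port 40022 ssh2
2018-08-26T07:00:05 sshd[804]: Failed password for invalid user test from 203.0.113.7 port 40023 ssh2
2018-08-26T07:00:09 sshd[805]: Failed password for root from 203.0.113.7 port 40024 ssh2
2018-08-26T07:01:00 sshd[806]: Failed password for admin from 198.51.100.20 port 51002 ssh2
2018-08-26T07:01:30 sshd[807]: Accepted password for admin from 198.51.100.20 port 51003 ssh2
2018-08-26T07:02:00 sshd[808]: Failed password for root from 203.0.113.7 port 40025 ssh2
2018-08-26T07:05:00 sshd[809]: Failed password for root from 192.0.2.55 port 51004 ssh2
2018-08-26T07:11:00 sshd[810]: Failed password for root from 192.0.2.55 port 51005 ssh2
"""

# Matches only failures that carry a literal IPv4 source address.
FAILED = re.compile(
    r"^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port"
)

def find_bans(log_text, maxretry=3, findtime=600, bantime=600):
    """Return (ip, banned_at, unbanned_at) for each address that reaches
    maxretry failures within findtime seconds; bans last bantime seconds."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    banned_until = {}             # ip -> time the current ban expires
    bans = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successes and unrelated lines are not strikes
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in banned_until and ts < banned_until[ip]:
            continue              # already blocked; nothing new to count
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()      # strikes older than findtime expire
        if len(window) >= maxretry:
            banned_until[ip] = ts + timedelta(seconds=bantime)
            bans.append((ip, ts, banned_until[ip]))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_LOG):
        print(f"ban {ip} from {start.isoformat()} until {end.isoformat()}")
```

With the defaults above only 203.0.113.7 is banned: 198.51.100.20 stops at two failures, and the three failures from 192.0.2.55 never fall inside one 600-second window.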