[ProgSoc] Fail2Ban

sanguinev at progsoc.org sanguinev at progsoc.org
Tue Apr 13 11:21:47 EST 2010



Simon Pearce wrote:
> Hi
> 
> I can dump out my auth.log file if you want but the IPs are the same for a
> large number of tries and are not being banned.
> 
> I will watch the logs further to see if this keeps occurring
> 
> Cheers

Hi,

I haven't looked at the details of your logs/jail.conf, but they can be
tweaked to lock things down further.

Perhaps the key things to consider/look out for are:

Ensure the blocking for SSH is enabled (there are other methods as
well). If you want you can also enable DDoS blocking here.

Configure the polling/lock checking frequency to meet your requirements.

Configure the ban periods to be what you want - if you have very few
users and/or excellent password typing precision then you may wish to
make it more aggressive.

Consider other options both to configure fail2ban and to lock out
malicious attempts to log in. For example you could block all the IP
addresses in Belgium if you are sure you will never need to log in from
there.

- - SanguineV

P.S. Of course if you can make it in to ProgSoc one Thursday someone
will probably be happy to look through in more detail with you.

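An added example, not part of the original message and not fail2ban's own code: a simplified Python model of how the `maxretry` and `findtime` jail options decide whether repeated SSH failures from one address end in a ban, which is one thing to check when an address with many tries stays unbanned. The log lines, addresses, year and threshold values are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the usual syslog layout of an sshd password failure.
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def sample_log():
    """Constructed auth.log lines: one fast and one slow guesser."""
    start = datetime(2010, 4, 13, 10, 0, 0)
    # 192.0.2.10 fails 6 times in 10 seconds.
    events = [(start + timedelta(seconds=2 * i), "192.0.2.10") for i in range(6)]
    # 198.51.100.7 fails 6 times, once every 4 minutes.
    events += [(start + timedelta(minutes=4 * i), "198.51.100.7") for i in range(6)]
    return [f"{ts:%b %d %H:%M:%S} host sshd[4242]: "
            f"Failed password for root from {ip} port 50022 ssh2"
            for ts, ip in sorted(events)]

def banned_ips(lines, maxretry, findtime, year=2010):
    """Return {ip: time of ban}: ban once `maxretry` failures fall
    inside a sliding window of `findtime` seconds (simplified model)."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    bans = {}
    for line in lines:
        m = FAILED.match(line)
        if not m or m.group(2) in bans:
            continue              # not a failure line, or already banned
        stamp, ip = m.groups()
        # Syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry:
            bans[ip] = ts
    return bans

if __name__ == "__main__":
    log = sample_log()
    for maxretry, findtime in [(6, 600), (3, 600), (6, 3600)]:
        bans = banned_ips(log, maxretry, findtime)
        print(f"maxretry={maxretry} findtime={findtime}s ->",
              {ip: f"{t:%H:%M:%S}" for ip, t in bans.items()})
```

With 6 retries in 600 seconds only the fast guesser is banned; the slow one never has more than three failures inside the window, and is caught only when `maxretry` is lowered or `findtime` is raised.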


