Re: RFC: changes to default password strength checks in pam_unix
On Mon, 03 Sep 2007, John Kelly wrote:
> I stop brute force attacks by sending auth log messages to a FIFO
> which I read with a perl script. After 10 login failures, your IP is
> firewalled for 24 hours.

fail2ban is an easy way to do this (for ssh and optionally anything
else that people will try to bruteforce.)

Description: bans IPs that cause multiple authentication errors
Monitors log files (e.g. /var/log/auth.log,
/var/log/apache/access.log) and temporarily or persistently bans
failure-prone addresses by updating existing firewall rules. The
software was completely rewritten at version 0.7.0 and now allows
easy specification of different actions to be taken such as to ban an
IP using iptables or hostsdeny rules, or simply to send a
notification email. Currently, by default, supports ssh/apache/vsftpd
but configuration can be easily extended for monitoring any other ASCII
file. All filters and actions are given in the config files, thus
fail2ban can be adapted to be used with a variety of files and
firewalls.
.
Homepage: http://www.fail2ban.org
Don Armstrong
--
The major difference between a thing that might go wrong and a thing
that cannot possibly go wrong is that when a thing that cannot
possibly go wrong goes wrong it usually turns out to be impossible to
get at or repair.
-- Douglas Adams _Mostly Harmless_
http://www.donarmstrong.com http://rzlab.ucr.edu
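
The counting logic discussed in this thread (10 login failures, then a 24-hour ban), as an added example that is not part of the original messages and is not fail2ban's own code. The sshd log line layout, the 10-minute counting window, the host name and the sample addresses are assumptions; the function only computes ban decisions and leaves the firewall update to the caller.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 10                   # threshold from the quoted message
BAN_TIME = timedelta(hours=24)      # ban length from the quoted message
FIND_TIME = timedelta(minutes=10)   # assumption: failures are counted in this window

# Assumed sshd syslog layout. The user field is greedy and the pattern is anchored
# at end of line, so the address is always the last "from <ip> port <n>" on the line.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?.* from (?P<ip>\S+) port \d+(?: ssh\d)?$"
)

def scan(lines, year=2007):
    """Return {ip: (banned_at, banned_until)} for the given auth log lines."""
    recent = defaultdict(deque)     # ip -> failure timestamps inside FIND_TIME
    bans = {}
    for line in lines:
        m = FAILED.match(line.rstrip("\n"))
        if not m:
            continue                # not a failed-password line
        # syslog timestamps omit the year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip in bans and ts < bans[ip][1]:
            continue                # already banned, nothing to count
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > FIND_TIME:
            q.popleft()             # forget failures older than the window
        if len(q) >= MAX_FAILURES:
            bans[ip] = (ts, ts + BAN_TIME)
            q.clear()
    return bans

# Constructed sample log: documentation addresses, hypothetical host name "host"
SAMPLE = [f"Sep  3 10:00:{s:02d} host sshd[4242]: Failed password for root "
          f"from 203.0.113.5 port 4022 ssh2" for s in range(10)]
SAMPLE += [f"Sep  3 10:01:{s:02d} host sshd[4243]: Failed password for invalid user "
           f"admin from 198.51.100.7 port 5022 ssh2" for s in range(9)]
SAMPLE.append("Sep  3 10:02:00 host sshd[4244]: Accepted password for bob "
              "from 192.0.2.9 port 6022 ssh2")

if __name__ == "__main__":
    for ip, (start, end) in scan(SAMPLE).items():
        print(f"ban {ip} from {start} until {end}")
```
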