
Re: RFC: changes to default password strength checks in pam_unix



On Mon, 03 Sep 2007, John Kelly wrote:
> I stop brute force attacks by sending auth log messages to a FIFO
> which I read with a perl script. After 10 login failures, your IP is
> firewalled for 24 hours.

fail2ban is an easy way to do this (for ssh and optionally anything
else that people will try to bruteforce.)

Description: bans IPs that cause multiple authentication errors
 Monitors log files (e.g. /var/log/auth.log,
 /var/log/apache/access.log) and temporarily or persistently bans
 failure-prone addresses by updating existing firewall rules. The
 software was completely rewritten at version 0.7.0 and now allows
 easy specification of different actions to be taken such as to ban an
 IP using iptables or hostsdeny rules, or simply to send a
 notification email. Currently, by default, supports ssh/apache/vsftpd
 but configuration can be easily extended for monitoring any other ASCII
 file. All filters and actions are given in the config files, thus
 fail2ban can be adopted to be used with a variety of files and
 firewalls.
 .
  Homepage: http://www.fail2ban.org


Don Armstrong

-- 
The major difference between a thing that might go wrong and a thing
that cannot possibly go wrong is that when a thing that cannot
possibly go wrong goes wrong it usually turns out to be impossible to
get at or repair.
 -- Douglas Adams  _Mostly Harmless_

http://www.donarmstrong.com              http://rzlab.ucr.edu
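
The scheme from the quoted message (10 login failures, then a 24-hour ban), sketched as an added example; it is not fail2ban's code or the perl script mentioned above. The 10-minute counting window, the sshd log format, the `scan` and `sample_log` names, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 10                   # threshold from the quoted message
BAN_TIME = timedelta(hours=24)      # ban length from the quoted message
FIND_TIME = timedelta(minutes=10)   # assumption: failures must fall in this window

# Anchored at both ends: sshd writes the real peer address last, so text a
# client puts in the username ("x from 198.51.100.9 port 1 ssh2") cannot be
# mistaken for the source address and get an unrelated host banned.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r".+ from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d*)?$")

def scan(lines, year=2007):
    """Return {ip: (banned_at, banned_until)} for sources over the threshold."""
    recent = defaultdict(deque)     # ip -> failure times still inside FIND_TIME
    bans = {}
    for line in lines:
        m = FAILED.match(line.rstrip())
        if not m:
            continue                # successes and other daemons are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip in bans and ts < bans[ip][1]:
            continue                # ban still active; nothing more to count
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > FIND_TIME:
            window.popleft()        # forget failures older than the window
        if len(window) >= MAX_FAILURES:
            bans[ip] = (ts, ts + BAN_TIME)
    return bans

def sample_log():
    """Constructed auth.log lines; all addresses are documentation ranges."""
    pre = "Sep  3 04:%02d:%02d host sshd[4242]: "
    fail = pre + "Failed password for %s from %s port 40000 ssh2"
    spoof = "invalid user x from 198.51.100.9 port 1 ssh2"
    log = [fail % (0, 5 * i, spoof, "203.0.113.5") for i in range(10)]  # burst
    log += [fail % (1, i, "root", "192.0.2.7") for i in range(9)]       # below threshold
    log += [fail % (5 * i, 30, "admin", "192.0.2.99") for i in range(10)]  # too slow
    log.append(pre % (59, 0) + "Accepted password for don from 192.0.2.7 port 40001 ssh2")
    return sorted(log)

if __name__ == "__main__":
    for ip, (start, end) in scan(sample_log()).items():
        print(f"ban {ip} from {start} until {end}")
```

Only 203.0.113.5 is banned in the sample: the address embedded in its usernames never appears as a source, and the other two sources stay under the threshold or outside the window.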


