[CentOS] fail2ban behavior

Joseph L. Casale jcasale at activenetwerx.com
Mon Aug 9 15:29:20 UTC 2010


>http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal
>"Question about persistant IP bans over restart" 
>
>I think you need to adapt the example to CentOS/RH

Yeah, I saw that one and implemented it. I think I have to rewrite
the action scripts my jails use. The odd part is the initial parsing
behavior on a real restart such as a reboot, it parses the logs and
only catches some of the total potential hosts that can trigger the
ban. Prolly just a bug...

Really, unless your ban time is shorter than your logrotate, or you
configure it to read some of the rotated logs there is a problem with
maintaining the banlist on restarts if you don't do as the orig script
does and del the iptables rules when exiting. If the process sh!ts the
bed you still have an issue which wouldn't get cleared up until the
next restart, but with the parsing issue you're left with an incomplete
ruleset:/

Anyone know of a more elaborate app that does what fail2ban does but
maintains a better state in between restarts?

Thanks!
jlc
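The message above describes the gap the author hit: fail2ban rebuilds its ban list from whatever the log parser catches at startup, so a reboot or crash can leave an incomplete ruleset. One way to close that gap is to record every ban in a state file when it is applied and replay the file on startup instead of relying on re-parsing. The script below is an added example for this thread, not code from the list or from the fail2ban project; it assumes a custom fail2ban action file wires `record_ban`, `record_unban` and `restore_bans` into the `actionban`, `actionunban` and `actionstart` keys, and the chain name and state file path are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread or fail2ban): persist bans across
# restarts by logging them to a state file and replaying it on start.
# Assumptions: a custom action file calls record_ban/record_unban/restore_bans
# from actionban/actionunban/actionstart; CHAIN and STATE_FILE are placeholders.
STATE_FILE="${STATE_FILE:-/var/lib/fail2ban/persistent-bans.txt}"
CHAIN="${CHAIN:-fail2ban-persist}"
IPTABLES="${IPTABLES:-iptables}"   # set IPTABLES=echo for a dry run

# actionban: remember the address (once) and insert the DROP rule.
record_ban() {
    ip="$1"
    touch "$STATE_FILE"
    if ! grep -qxF "$ip" "$STATE_FILE"; then
        printf '%s\n' "$ip" >> "$STATE_FILE"
    fi
    "$IPTABLES" -I "$CHAIN" -s "$ip" -j DROP
}

# actionunban: forget the address and remove the rule. A missing rule is
# not treated as an error, since the rule may never have been restored.
record_unban() {
    ip="$1"
    touch "$STATE_FILE"
    grep -vxF "$ip" "$STATE_FILE" > "$STATE_FILE.tmp" || true
    mv "$STATE_FILE.tmp" "$STATE_FILE"
    "$IPTABLES" -D "$CHAIN" -s "$ip" -j DROP || true
}

# actionstart: re-apply every saved ban so the ruleset does not depend on
# what the log parser happens to catch after a reboot. The number of rules
# re-applied is left in RESTORED_COUNT.
restore_bans() {
    RESTORED_COUNT=0
    [ -f "$STATE_FILE" ] || return 0
    while IFS= read -r ip; do
        [ -n "$ip" ] || continue
        "$IPTABLES" -I "$CHAIN" -s "$ip" -j DROP
        RESTORED_COUNT=$((RESTORED_COUNT + 1))
    done < "$STATE_FILE"
}

# Number of addresses currently recorded in the state file.
saved_ban_count() {
    [ -f "$STATE_FILE" ] || { echo 0; return 0; }
    grep -c . "$STATE_FILE" || true
}
```

The state file only grows while fail2ban is running and is trimmed by `record_unban`, so an entry whose ban time expired during the outage is still re-applied at startup and then removed when fail2ban next unbans it; if that is undesirable, store a timestamp alongside each address and skip expired lines in `restore_bans`.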
