On 9/8/2010 9:52 AM, Matthew Miller wrote:
On Wed, Sep 08, 2010 at 02:47:46PM +0100, Timothy Murphy wrote:
Thanks, I'll try that. I had heard of fail2ban, but was slightly put off by the strange name; what exactly is the name meant to convey?
"to" as in the sense of "moving to", or "converting to". Failures (login failures normally, but other errors or log patterns can be used) cause the triggering IP address to be banned. (Or another action to be taken.)
This is excellent for preventing brute-force ssh attacks.
I've never used fail2ban, but from the wide community support, I'm sure it is more than just a viable option.
Not to discount any of the good advice given here, but I've had great successes with Advanced Policy Firewall (apf) [1] as a front-end to iptables, and an adjunct program, Brute Force Detection (bfd) [2].
Very flexible and easy-to-adjust settings, with global settings easily overridden on a service-by-service level.
My .02. YMMV, of course.
HTH, -Ray
[1] http://www.rfxn.com/projects/advanced-policy-firewall/ Note: I've always installed from the rfxn.com site directly, but there appears to be an RPM available at rpmforge: http://www.rpmfind.net/linux/RPM/dag/redhat/el5/i386/apf-9.7_1-1.el5.rf.noar...