[CentOS] bruteforce protection howto

Tue Mar 30 16:56:10 UTC 2010
Bowie Bailey <Bowie_Bailey at BUC.com>

Mihai T. Lazarescu wrote:
> On Sat, Mar 20, 2010 at 05:24:34PM -0500, Larry Vaden wrote:
>
>   
>> On Sat, Mar 20, 2010 at 5:17 PM, Vadkan Jozsef <jozsi.avadkan at gmail.com> wrote:
>>     
>>> What's the best method to ban that ip [what is bruteforcig a server]
>>> what was logged on the logger?
>>> I need to ban the ip on the router pc.
>>>       
>> http://www.fail2ban.org/wiki/index.php/Main_Page but you may have to
>> run fail2ban on the server instead of on the logger.
>>     
>
> You can forward a copy of the syslog messages to the router
> and instruct fail2ban to act upon them instead of the default
> ssh log.
>   

How about using a read-only NFS share of the log directory from the
logger for fail2ban to read from the router?

-- 
Bowie