[CentOS] Odd issue with fail2ban

Mon Aug 13 18:03:05 UTC 2012
Leonard den Ottolander <leonard at den.ottolander.nl>

On Mon, 2012-08-13 at 13:30 -0400, m.roth at 5-cent.us wrote:
> Sorry, can't do that with servers whose websites are open to the world,
> and when folks here have collaborators around the world.

Well if those people have to log in using SSH from all across the world
white listing would not be feasible. But I wouldn't expect you to let
those collaborators log in to your log host from anywhere? So white
listing and blocking anyone else (on single or repeated connect or
disconnect) should be an option there. Although in this scenario you
could just as well block port 22 for every but the white listed hosts
using iptables, unless you need the ban messages for statistical
purposes.

Also, in the default configuration for the ssh-iptables jail the bans
resulting from failed SSH logins will only block access to port 22. So
even if someone would trigger a ban by attempting too many logins within
the set findtime they would still be able to access other services.

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research