Hello,

My name is Jerry Kaidor, and I was recently dragged, kicking & screaming, into the 21st Century...

My Slackware server needed a newer version of PHP, and I made the mistake of typing "make install". The installer sprayed PHP crap all over my filesystem, and everything PHP-related died.

I decided that it was time to build a new server. Technology has moved ahead, and NVMe SSDs have descended in price to within the reach of mere mortals.

On my new server, I installed fail2ban 0.11.

On the old one, I had been using a homemade script to combat the constant login attempts via ssh. I had modified the C code of openssh to output a syslog with a unique facility/level for failed login attempts. I then added a line to syslog.conf to output those lines (from sshd) to a fifo. At the other end of the fifo, I hung a perl script that implemented a leaky bucket algorithm. Failed password attempts would fill the bucket, and when it got to a certain fullness, the script would call a command called "blacklist", which was a perl script written by Ivan Ristic that blocks individual IP addresses. I had two levels of banning. The first was relatively short. My system kept track of the IPs that were subject to those short bans. If the IP outlived a short ban and then tried again, my script would subject it to a secondary ban, much longer, essentially forever.

While my script worked well, it was not versatile; it would have been a lot of work to expand it to other protocols. And I had an immediate need to secure my asterisk pbx.

The included filters did not work for Asterisk 16.4. I was able to get them working by removing the "^" from the beginning of each failregex. I don't think this is an optimal solution; anchored regexes have to be more efficient than unanchored ones. But it doesn't seem to be THAT bad. The server's load average cruises at 0.00, 0.00, 0.00, and fail2ban occasionally consumes 0.3% of the CPU and 0.1% of the memory. YMMV. The server is a fairly potent little machine, with a Xeon E3-1241, 32 gigs of ECC RAM, and a single 500 GB NVMe SSD.

              - Jerry Kaidor
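As an added illustration of the two-level leaky-bucket scheme Jerry describes above (example code written for this page, not his Perl script, Ivan Ristic's "blacklist" tool, or fail2ban's own code): each source IP has a bucket that every failed login fills by one and that drains at a fixed rate; the failure that would overflow it triggers a short ban, and an IP that overflows again after outliving a short ban gets a permanent one. The syslog line format (rsyslog-style ISO 8601 timestamps), the bucket parameters, the `ban_cmd` hook standing in for the blacklist command, and the sample log lines are all assumptions made for the example.

```python
"""Two-tier leaky-bucket SSH banner. Added example for this page; not
fail2ban code and not the poster's original Perl script."""
import re
from datetime import datetime

# Assumed log format: rsyslog-style ISO 8601 timestamp, host, sshd line.
FAIL_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)


class LeakyBucketBanner:
    """Per-IP leaky bucket with a short first ban and a permanent second ban."""

    def __init__(self, capacity=4, leak_per_sec=1 / 600, short_ban=600, ban_cmd=None):
        self.capacity = capacity            # failures the bucket holds; the next one overflows
        self.leak_per_sec = leak_per_sec    # drain rate: one failure forgotten per 600 s
        self.short_ban = short_ban          # seconds for a first offence
        self.ban_cmd = ban_cmd or (lambda ip, how: None)  # stand-in for the "blacklist" command
        self.level = {}                     # ip -> (bucket level, epoch of last failure)
        self.banned_until = {}              # ip -> expiry epoch, or None for a permanent ban
        self.prior_short = set()            # IPs that have already served a short ban

    def is_banned(self, ip, now):
        """True while a ban is in force; a lapsed short ban is forgotten here."""
        if ip not in self.banned_until:
            return False
        until = self.banned_until[ip]
        if until is None:
            return True
        if now >= until:
            del self.banned_until[ip]       # ban served; the IP stays in prior_short
            return False
        return True

    def observe_failure(self, ip, now):
        """Record one failed login at epoch `now`; return None, 'banned', 'short' or 'long'."""
        if self.is_banned(ip, now):
            return "banned"                 # firewall should already be dropping it
        level, last = self.level.get(ip, (0.0, now))
        level = max(0.0, level - (now - last) * self.leak_per_sec)   # drain since last seen
        if level + 1 > self.capacity:       # this failure overflows the bucket
            self.level[ip] = (0.0, now)
            if ip in self.prior_short:      # second overflow after a served ban: escalate
                self.banned_until[ip] = None
                self.ban_cmd(ip, "long")
                return "long"
            self.prior_short.add(ip)
            self.banned_until[ip] = now + self.short_ban
            self.ban_cmd(ip, "short")
            return "short"
        self.level[ip] = (level + 1, now)
        return None


def process_log(lines, banner):
    """Feed matching log lines to the banner; return (timestamp, ip, action) per ban issued."""
    bans = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        now = datetime.fromisoformat(m.group("ts")).timestamp()
        action = banner.observe_failure(m.group("ip"), now)
        if action in ("short", "long"):
            bans.append((m.group("ts"), m.group("ip"), action))
    return bans


def _fail(hms, ip, user="admin"):
    """Build one constructed failed-login line (sample data, not real traffic)."""
    return (f"2024-01-12T{hms}+00:00 host sshd[4242]: Failed password for "
            f"invalid user {user} from {ip} port 51234 ssh2")


# Constructed sample log: 203.0.113.7 hammers, earns a 600 s ban, keeps trying
# during it, waits it out, hammers again and is banned for good; 198.51.100.9
# fails twice and is left alone; one successful login is ignored by the regex.
SAMPLE_LOG = (
    [_fail(f"03:14:{s:02d}", "203.0.113.7") for s in (0, 10, 20, 30, 40)]
    + [_fail("03:14:05", "198.51.100.9"), _fail("03:14:15", "198.51.100.9")]
    + [_fail("03:15:40", "203.0.113.7")]
    + ["2024-01-12T03:16:00+00:00 host sshd[4243]: Accepted publickey for jerry "
       "from 192.0.2.1 port 1234 ssh2"]
    + [_fail(f"03:25:{s:02d}", "203.0.113.7") for s in (0, 10, 20, 30, 40)]
)

if __name__ == "__main__":
    banner = LeakyBucketBanner(ban_cmd=lambda ip, how: print(f"blacklist {ip} ({how})"))
    for ban in process_log(SAMPLE_LOG, banner):
        print(ban)
```

The `capacity` of 4 means the fifth failure inside the drain window overflows; with the drain rate of one failure per ten minutes, a slow scanner that spaces attempts far apart never trips it, which is the trade-off any leaky bucket makes. fail2ban 0.11 has a stock equivalent of the escalation step in its `bantime.increment` option (ban time grows on each repeat offence), so the second tier no longer needs a hand-rolled tracker.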

_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
