Hello--

I've written a simple little package to allow a probe to be detected on any one of a set of machines, and have all the machines in the set apply the same ban immediately.

OSSEC does this, and I thought it might be cool to allow other packages like fail2ban, or psad, or whatever, to use a mechanism like this. All the package has to have is a command-line ability to "manually" apply a ban, and the ability to run an external script when a ban is executed. Psad has both these abilities (or will, in 2.2.4). In the meantime, I include a patch for existing code.

I've tested it out on a set of around 40 machines in a couple different clouds. Works well.

It's a bit raw and young, but it works well. Built on zeromq/czmq. All communications are encrypted. Three programs: banshare-server (one per set of clients), banshare-client (one per host running fail2ban/psad/etc.), and banshare-report (one per host running fail2ban/psad/etc.). A deployment scheme is included, or you can build your own.

Check it out!  git clone https://github.com/WyoMurf/banshare.git

murf

-- 

Steve Murphy
ParseTree Corporation
57 Lane 17
Cody, WY 82414
✉  murf at parsetree dot com
☎ 307-899-5535
_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss
