Re: successor for denyhosts?
- Date: Sun, 10 Mar 2019 01:31:07 +0100
- From: Håkon Alstadheim <hakon@xxxxxxxxxxxxxxxxxx>
- Subject: Re: successor for denyhosts?
On 09.03.2019 11:22, mj wrote:
fail2ban can run any script of your choosing as "banaction". I have a
script that does smtp blacklist for example. My default action is a
shorewall command. Also needs the corresponding "unban" script,
obviously. All in all fail2ban seems fairly solid, though it /does/
depend on the format of your logs to work properly. Stick with standard
config of logging from services and syslogd/systemd as far as possible,
and fail2ban will be pretty low-maintenance. (I have only ever used it
together with rsyslogd).
We are using fail2ban to do this. It offers many more options, and
works by creating iptables rules. This gives you much more control
over what ports exactly are blocked.
Plus I think (correct me if I'm wrong) that using /etc/hosts.deny to
block access only works with programs that are compiled to do so, and
iptables will always work.
That is the direction things are moving in my experience also, though I
seem to remember a recent issue I had where I needed hosts.deny to get
proper blocking for apache, because connections were coming in via a
multiplexer/proxy thingamajig. Had something to do with open-vpn.
On 3/9/19 9:57 AM, Hans wrote:
looks like "denyhosts" is no longer in the repos. I like this tool,
blocks the IP, when the wrong password is sent n-times.
The blocked IP is added into /etc/hosts.deny, which IMO is a great idea.
I am using a script, which clears the hosts.deny after a certain
this is just my behaviour.
My question: which successor for denyhosts do you suggest. I found
which looks promising, but maybe you got a better tool, which is
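Added example (not from any of the posters above, and not fail2ban's own code): one way to get the denyhosts behaviour Hans describes out of the fail2ban "banaction" mechanism Håkon mentions. fail2ban substitutes the offending address for the `<ip>` tag in the `actionban`/`actionunban` commands of an action file; the hypothetical `/etc/fail2ban/action.d/hostsdeny.conf` sketched in the comments would point both at this script. The script name, the `HOSTS_DENY` and `DAEMON_LIST` variables and the `is_banned` helper are assumptions made for this example. The point a practitioner wants here is the input check: because the address is interpolated into a shell command line and then into a file that tcpd parses, the script refuses anything that is not a plain IPv4 address before touching hosts.deny. As mj notes, the result only affects daemons linked against libwrap (OpenSSH upstream dropped that support in 6.7), which is why the iptables/shorewall route is the more general one.

```shell
#!/bin/sh
# hostsdeny.sh - add/remove fail2ban-banned addresses in /etc/hosts.deny
# (hypothetical helper written for this example).
#
# Matching fail2ban action file, /etc/fail2ban/action.d/hostsdeny.conf
# (also hypothetical; <ip> is fail2ban's tag for the banned address):
#   [Definition]
#   actionban   = /usr/local/sbin/hostsdeny.sh ban <ip>
#   actionunban = /usr/local/sbin/hostsdeny.sh unban <ip>

HOSTS_DENY="${HOSTS_DENY:-/etc/hosts.deny}"   # overridable for testing
DAEMON_LIST="${DAEMON_LIST:-sshd}"            # daemon field written to hosts.deny

# Accept only a dotted-quad IPv4 address (four octets, each 0-255).
# Anything else (shell metacharacters, hostnames, IPv6, tcpd wildcards)
# is rejected so that nothing but an address ever reaches hosts.deny.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Exact-line check for "<daemons>: <ip>"; -F/-x keep dots literal.
is_banned() {
    grep -qxF "$DAEMON_LIST: $1" "$HOSTS_DENY" 2>/dev/null
}

# Append the deny line once; a second ban of the same address is a no-op.
ban_ip() {
    ip=$1
    valid_ipv4 "$ip" || { echo "hostsdeny.sh: refusing to ban '$ip'" >&2; return 2; }
    is_banned "$ip" && return 0
    printf '%s: %s\n' "$DAEMON_LIST" "$ip" >> "$HOSTS_DENY"
}

# Rewrite the file without our line, leaving every other entry intact.
unban_ip() {
    ip=$1
    valid_ipv4 "$ip" || { echo "hostsdeny.sh: refusing to unban '$ip'" >&2; return 2; }
    [ -f "$HOSTS_DENY" ] || return 0
    tmp=$(mktemp "$HOSTS_DENY.XXXXXX") || return 1
    grep -vxF "$DAEMON_LIST: $ip" "$HOSTS_DENY" > "$tmp" || :   # grep -v exits 1 on empty result
    chmod 644 "$tmp"          # tcpd is read by unprivileged daemons too
    mv "$tmp" "$HOSTS_DENY"
}

# Command-line entry point used by fail2ban; sourcing the file without
# arguments just defines the functions.
if [ $# -ge 2 ]; then
    case "$1" in
        ban)   ban_ip "$2" ;;
        unban) unban_ip "$2" ;;
        *)     echo "usage: $0 ban|unban <ip>" >&2; exit 1 ;;
    esac
fi
```

The corresponding jail then needs `banaction = hostsdeny` (the action file's basename) and a filter whose `failregex` matches the daemon's actual log lines, which is the log-format dependency Håkon warns about: if the distribution changes sshd's "Failed password" wording or the syslog timestamp layout, the filter silently stops matching and nothing gets banned.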