Among log-based tools, fail2ban is considered to be the best available brute-force blocker. Like any other log-based brute-force blocker, fail2ban monitors the system log files, and when certain configured events occur it blocks the offending host.
Here are the main features of fail2ban:
- runs as a daemon (no delay in taking action, as there is with cron-based tools).
- can use various methods to block the attack:
  - iptables (this is the default, and will most certainly be the best choice for most users)
  - TCP Wrappers (/etc/hosts.deny): this might be particularly useful if you are running a VPS that has no access to iptables rules.
  - any other method you might need to implement in your firewall setup (you will have to define the rules yourself in this case).
- can handle more than one service: sshd (default), apache, vsftpd/proftpd, etc.
- can send e-mail notifications.
- can ban IPs for a limited amount of time and, since 0.6.1, can also permanently ban hosts.
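
The log monitoring and timed or permanent banning described above, as an added Python sketch that is not fail2ban's own code and not part of the original post. The log lines are constructed, and the `Blocker` class, its thresholds (`maxretry`, `findtime`, `bantime`) and the regular expression are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Constructed sshd log lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = """\
Jan 10 03:14:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 10 03:14:03 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40124 ssh2
Jan 10 03:14:05 host sshd[812]: Accepted password for alice from 198.51.100.20 port 51000 ssh2
Jan 10 03:14:06 host sshd[813]: Failed password for root from 203.0.113.7 port 40130 ssh2
Jan 10 03:30:00 host sshd[830]: Failed password for root from 203.0.113.7 port 40200 ssh2
"""
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                    r"(?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) ")

class Blocker:
    """Toy model: ban after maxretry failures in findtime seconds; bantime=None is permanent."""
    def __init__(self, maxretry=3, findtime=600, bantime=600):
        self.maxretry, self.findtime = maxretry, timedelta(seconds=findtime)
        self.bantime = None if bantime is None else timedelta(seconds=bantime)
        self.failures = defaultdict(deque)   # ip -> recent failure timestamps
        self.bans = {}                       # ip -> expiry (None = permanent)

    def is_banned(self, ip, now):
        if ip in self.bans and self.bans[ip] is not None and now >= self.bans[ip]:
            del self.bans[ip]                # timed ban has run out
        return ip in self.bans

    def feed(self, line, year=2024):
        """Process one log line; return the IP if this line triggers a ban."""
        m = FAILED.match(line)
        if not m:
            return None
        now = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if self.is_banned(ip, now):
            return None
        window = self.failures[ip]
        window.append(now)
        while now - window[0] > self.findtime:   # drop failures outside the window
            window.popleft()
        if len(window) >= self.maxretry:
            self.bans[ip] = None if self.bantime is None else now + self.bantime
            window.clear()
            return ip                        # a real tool would add a firewall rule here
        return None

def run(log, **settings):
    blocker = Blocker(**settings)
    return [ip for ip in map(blocker.feed, log.splitlines()) if ip], blocker
```

With the default settings the third failure triggers a ten-minute ban that has expired by the time the last line arrives; `run(SAMPLE_LOG, bantime=None)` keeps the host banned.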