Difference between revisions of "MANUAL 0 8"
Lostcontrol (talk | contribs) |
|||
| Line 7: | Line 7: | ||
=== The solution === | === The solution === | ||
| − | Log files contain interesting information, especially about failed logins. | + | Log files contain interesting information, especially about failed logins. This information can be used to ban an offensive host. This is exactly what {{Fail2ban}} does. It scans log files and detect patterns which correspond to possible breakin attempts and then performs actions. Most of the time, it consists of adding a new rule in a firewall chain. |
The version '''0.8''' of {{Fail2ban}} introduces a lot of new features and improvements. Here is a list of the most important new features: | The version '''0.8''' of {{Fail2ban}} introduces a lot of new features and improvements. Here is a list of the most important new features: | ||
Revision as of 14:55, 16 October 2006
Introduction
The problem
Brute-force breakin attempts are quite frequent against SSH server. Automated scripts try multiple combination of username/password. To be continued...
The solution
Log files contain interesting information, especially about failed logins. This information can be used to ban an offensive host. This is exactly what Fail2ban does. It scans log files and detect patterns which correspond to possible breakin attempts and then performs actions. Most of the time, it consists of adding a new rule in a firewall chain.
The version 0.8 of Fail2ban introduces a lot of new features and improvements. Here is a list of the most important new features:
- client/server
- multithreaded
- Gamin support
- autodetection of the date/time format
- wildcard support in logpath option
The code has been completely rewritten since the last stable release. Support for more services (proftpd, sasl, qmail, apache, ssh, etc) and actions (iptables, tcp-wrapper, mail notification with whois information, etc) are now available.
