29 Sep
2014
29 Sep
'14
12:43 p.m.
Tom,
I am also using Fail2BAN.
I created my own jail for JNOS and it works great.
That is also why I needed to change the JNOS log file name to something
static. That way I could avoid having to reload/restart Fail2Ban every
morning at midnight to look for a new log.
If you need the Jail regex I created for JNOS (assuming you're using JNOS),
contact me off-list (kg6baj(a)n1oes.org) and I can email it to you.
Bill
KG6BAJ
At 09:13 AM 09/29/14, you wrote:
I do this with a program called fail2ban. You configure
it to watch
log files for authentication failures or other suspicious activity. It
then blocks the suspicious source IP in iptables for the configured
period of time. When the time expires, the IP is unbanned, so false
positives or new users of an IP address aren't adversely affected.
I get many bans per day and don't put much energy into monitoring or
reporting them.
Tom KD7LXL
_________________________________________
3707
days inactive
3707
days old
0 comments
1 participants
participants (1)
-
William Lewis