[Userland-team] [OpenIndiana Distribution - Feature #228] fail2ban for OpenIndiana and friends

illumos project devnull at illumos.org
Tue Sep 6 17:39:07 UTC 2011


Issue #228 has been updated by Roy Sigurd Karlsbakk.


I vote for closing this ticket and rather spend time on denyhosts (see link above). Denyhosts is distributed and relies on using tcpwrappers (hosts.deny etc) instead of using platform-specific tools like iptables/ipf/ipt/whatever. Fail2ban can be used with tcpwrappers as well, but is not distributed, so if a host is compromised and starts crawling the net, fail2ban will allow a given amount of attempts from the Bad Host for all installations.

roy
----------------------------------------
Feature #228: fail2ban for OpenIndiana and friends
https://www.illumos.org/issues/228

Author: Roy Sigurd Karlsbakk
Status: New
Priority: Low
Assignee: OI Userland
Category: oi-build
Target version: oi_151_stable
Difficulty: Medium
Tags: fail2ban


Hi all

We have a bunch of Solaris boxes at work, and having fail2ban running on the Linux servers, I wanted that on the Solaris stuff as well. Fail2ban is a system tool that monitors login attempts by reading syslog logs, and adds roughe hosts to a ban list, either by using the system's firewall mechanism or good-old tcpwrappers. Services supported by default are ssh and some ftp servers, but it's really about adding some regex magick for new ones.

There was some works in progress for porting it to Solaris already, and I've based my work on these. I haven't done any packaging, but fail2ban now installs as a service and works on my installs. The attached patch applies to the current 0.8.4 version of fail2ban available from http://sourceforge.net/projects/fail2ban/files/. After patching, please see the files README.Solaris for info about how to install this.

I think this would be a nice addition to OI, as I don't think we have anything like this in the works.

Any comments?

roy
roy


-- 
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://www.illumos.org/my/account



More information about the Userland-team mailing list