[Nottingham] fail2ban + gamin, or tail -f | grep?...
Andy Smith
andy at bitfolk.com
Thu Aug 14 00:03:04 UTC 2014
Hi Martin,
On Wed, Aug 13, 2014 at 02:52:39PM +0100, Martin wrote:
> Checking gamin as used by fail2ban: Lockups bugs reported...
>
> (gamin is used as an interface to inotify to notify fail2ban when a
> monitored log file changes.)
Have you actually ever experienced a problem with it?
I've been using fail2ban on over 50 machines since around 2007 and
never have had a problem like that myself, but I hear of people who
do. I've only really used it on Debian.
> Or is just as good a method to use:
>
> tail -f /var/log/messages | egrep 'whatever' | bash-script
That is rather a severely restricted example of what fail2ban
actually does though!
I am guessing you'd have to put in a fair bit of work to get the
configurability of the multiple regexes, timings, different actions,
and so on.
At the very least your bash-script is going to have to handle:
* Extracting the IP address from the log line.
* Rate detection (to decide whether to ban or not).
* White-listing (so you don't ban yourself).
* Expiry of bans.
It does seem a bit like premature NIH sort of thing if you're not
experiencing issues, but then again it could be an interesting
learning experience. :)
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
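
[Added example, not part of the original message and not fail2ban's own code.] The four jobs listed above (extracting the IP address, rate detection, white-listing, expiry of bans), written in Python as the smallest thing a `tail -f | ...` pipeline would have to feed. The class name `MiniBan`, the sshd regex, the thresholds and the use of arrival time as the clock are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque

# Assumed sshd failure pattern. The greedy ".*" makes the LAST "from <ip> port <n>"
# win, so an address typed into the user name field is not the one extracted.
FAIL_RE = re.compile(r"Failed password for .* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+")


class MiniBan:
    """Decides bans and unbans; returns decisions and runs no firewall command."""

    def __init__(self, maxretry=3, findtime=600, bantime=3600, whitelist=("127.0.0.0/8",)):
        self.maxretry, self.findtime, self.bantime = maxretry, findtime, bantime
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.failures = defaultdict(deque)   # ip -> times of recent failures
        self.banned = {}                     # ip -> time at which the ban ends

    def feed(self, line, now):
        """Process one log line seen at time `now`; return the IP to ban, or None."""
        m = FAIL_RE.search(line)
        if not m:
            return None
        try:
            ip = ipaddress.ip_address(m.group(1))   # rejects e.g. 999.1.1.1
        except ValueError:
            return None
        key = str(ip)
        if any(ip in net for net in self.whitelist) or key in self.banned:
            return None
        hits = self.failures[key]
        hits.append(now)
        while hits[0] <= now - self.findtime:   # forget failures outside the window
            hits.popleft()
        if len(hits) < self.maxretry:
            return None
        del self.failures[key]
        self.banned[key] = now + self.bantime
        return key

    def expire(self, now):
        """Return, and forget, every IP whose ban has run out."""
        done = sorted(ip for ip, end in self.banned.items() if end <= now)
        for ip in done:
            del self.banned[ip]
        return done


# Constructed sample line using a documentation-range address.
SAMPLE = "Aug 13 14:52:01 host sshd[811]: Failed password for root from 203.0.113.5 port 4022 ssh2"
```

A caller would read lines from stdin, pass `time.time()` as `now`, call `expire()` periodically, and translate the returned addresses into firewall rules.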