On Tuesday, 5 April 2022 03:23:11 EDT to...@tuxteam.de wrote: > On Tue, Apr 05, 2022 at 03:01:30AM -0400, gene heskett wrote: > > On Tuesday, 5 April 2022 01:46:32 EDT to...@tuxteam.de wrote: > [fail2ban] > > > Well, it seems to me that if something as automatic as fail2ban were > > to be used, its better use would be in the router, stopping such > > before it reaches into the home network [...] > > The fly in this ointment is that fail2ban relies on feedback from the > server applications (mail server, web server, sshd etc) to adscribe > "suspicious activity" (whatever that is: you get to decide with your > configs) to source IP addresses. Typically login failures and their > ilk, gleaned from the corresponding log files. > > And those apps aren't running in your router. So you'll have to teach > fail2ban to run in some distributed fashion (perhaps it does this out- > of-the-box, I don't know). > > You gotta be careful: kicking out an IP for just one login failure > might shut *you* out because you forgot to ssh-add your key (or because > you mistyped your password once). OTOH, if "they" keep changing their > IP address for each retry, you wouldn't catch them otherwise. So it is > a fine line to walk. You might try to trigger on more specific > patterns, which means you'll have to adapt your recognisers, yadda, > yadda. > > Take care & don't forget having fun. That's what computers are for, > after all. > In my case, since about the middle 70's when I bought my first programmable calculator. It's been a long ride, Tomas, 99% of it enjoyable and educational. And it's only included 2 msdos/windows machines. When I was thinking about retiring, and maybe doing some consulting, I bought an hp lappy to take on the road, but networking didn't work, so mandrake was installed in about a week. I came up thru a unix like os on trs-80 color computers, called os9. then bought an amiga that eventually was replaced by a 400mhz k6 running red hat 5. By then I had gotten interested in CNC machinery so I went unbuntu for a couple years as that what early emc ran on, but they switched to debian about a year before wheezy, emc was forced to change the name to LinuxCNC, and the latest is that LinuxCNC has been invited into debian, s/b in bookworm when its stable.
I probably am not the only one now, but certainly the most visible one, who is running linuxcnc on a pi, started with a pi3b, now a pi4b, on the planet, to run a medium sized lathe I converted to cnc when I found the lathe I paid 2 grand for, had so much broken stuff, the only salvation was to cnc it. I had the basic castings. Replaceing all the gears etc, with two motors, teaching it a whole new list of dance steps it could not do in 1048 when it was made. Including electronic wear compensation for 13 thousandths of bed wear right in front of the chuck. The motors drive ball screws, and balls screws can move things as little as .00002", so its more accurate now than when it was new. And about 5x faster than a man turning cranks can do. Computers were invented to do work FOR us, but they can also make a LOT of work when they miss-behave. So our job is to figure out ways they can miss-behave, and write programs that prevent that. Sadly, that concept isn't often taught in CS-101 classes. So here we are, in 2022, 87 yo, trying to survive the latest man made pandemic engineered to reduce the planets population. I've got to drive around 125 miles today, paying ppty taxes and refreshing all my vehicle stickers. And the 15th, is income tax day so thats got to be collected and done yet this week. Then I can go back to self-quaranteening except for the occasional grocery getter trip. Or the scripts that keep the hardware in my chest working well. Take care Tomas, and stay well. > -- > t Cheers, Gene Heskett. -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author, 1940) If we desire respect for the law, we must first make the law respectable. - Louis D. Brandeis