This is a suggestion for a fail2ban improvement. If there is already a system in place for this that I don't know about (which as far as I know there is not) please let me know.
Taking a simple example of the ssh jail: when a bad guy is detected he/she is banned by adding a rule to the iptables chain fail2ban-SSH. However, it is possible that the fail2ban-SSH chain could be missing (if iptables is restarted and fail2ban is not restarted on a CentOS 6.6 system, for example), and if the chain is missing fail2ban will "not ban" the bad guy and do so silently (because the drop rule will simply fail to be added to the non-existent chain).

I suggest that on ban/unban fail2ban checks the iptables chains to make sure the target chain exists and, if not, e-mails out a critical warning or re-adds the chain and sends a warning.

With the new systemd system I also suggest some requirement that on iptables restart fail2ban also restarts, to prevent this as much as possible. The check for the chain's existence is still needed in case someone (good, bad, intentionally, or accidentally) removes the chain manually, but the requirement will mitigate accidental missing chains significantly.

--
^C Chad
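One way the suggested guard could look, as an added example that is not part of the original post or of fail2ban itself: the chain check is run against the text of `iptables -S` before a ban rule is issued, so a missing chain is reported loudly instead of failing silently. The listings below are constructed samples, and the repair commands are modelled on what I assume fail2ban's iptables-multiport actionstart does (create the chain, append RETURN, hook it into INPUT).

```shell
#!/bin/sh
# Added example (not fail2ban's own code). The iptables listing is passed in as
# text so the logic can be exercised without root or a live firewall; in an
# actionban hook you would use: listing="$(iptables -S)".

# chain_exists CHAIN LISTING
# Return 0 if LISTING (output of `iptables -S`) contains a "-N CHAIN" line,
# i.e. the chain has actually been created in the filter table.
chain_exists() {
    printf '%s\n' "$2" | grep -qxF -e "-N $1"
}

# ban_guard CHAIN LISTING
# Print the decision a ban action should take: "ban" when the target chain is
# present, "missing-chain" (plus a critical warning on stderr and the commands
# that would restore it) when it is not. Commands are printed, not executed.
ban_guard() {
    chain="$1"; listing="$2"
    if chain_exists "$chain" "$listing"; then
        echo "ban"
        return 0
    fi
    echo "CRITICAL: iptables chain $chain is missing; bans are not taking effect" >&2
    # Assumed repair sequence, mirroring fail2ban's iptables-multiport actionstart.
    echo "iptables -N $chain" >&2
    echo "iptables -A $chain -j RETURN" >&2
    echo "iptables -I INPUT -p tcp -m multiport --dports ssh -j $chain" >&2
    echo "missing-chain"
    return 1
}

# Constructed sample: a healthy ruleset with the jail chain in place.
LISTING_INTACT='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-SSH
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-SSH
-A fail2ban-SSH -j RETURN'

# Constructed sample: the ruleset after `service iptables restart` flushed
# everything while fail2ban kept running.
LISTING_AFTER_RESTART='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'
```

Running `ban_guard fail2ban-SSH "$(iptables -S)"` from a wrapper around actionban would give fail2ban the non-zero exit it needs to log the failure instead of assuming the ban succeeded.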
