On Thu, Jul 30, 2015 at 01:25:40PM -0300, Arturo 'Buanzo' Busleiman wrote: > I first thought about this a long time ago: > > http://blogs.buanzo.com.ar/2011/06/proactive-protection-enhancements-for-fail2ban-part-1.html > > The idea was to config a jail with a special set of actions, monitoring > fail2ban.log itself from within fail2ban. If this idea is better, then good. > > Can you give me more details on your REST solution? > > > On Thu, Jul 30, 2015 at 11:52 AM, Sean DuBois <[email protected]> wrote: > > > On Thu, Jul 30, 2015 at 12:38:10PM +0100, Darac Marjal wrote: > > > On Wed, Jul 29, 2015 at 08:38:24PM -0300, Arturo 'Buanzo' Busleiman > > wrote: > > > > Hi team, > > > > > > > > I just finished implementing a simple tool that monitors > > fail2ban.log for > > > > ban/unbans, > > > > and uses zeromq to distribute that information to zeromq > > subscribers. > > > > > > A question for you: Why does the tool monitor the fail2ban log? Why not > > > design it as an action which could be added to the existing actions for > > > a jail? > > > > > > > > > > > i know there are other ideas out there for this need, but zeromq > > looked > > > > appropiate enough, and is well supported on Debian/Ubuntu for > > python3 > > > > I have to polish the code, add docs, and also try configuring it as > > a > > > > fail2ban action instead of an ad-hoc app that monitors the log, but > > it is > > > > working. > > > > > > > > If anyone wants to help me polish and test it, that'd be awesome. > > > > > > > > cheers > > > > > > > > > ------------------------------------------------------------------------------ > > > > > > > _______________________________________________ > > > > Fail2ban-users mailing list > > > > [email protected] > > > > https://lists.sourceforge.net/lists/listinfo/fail2ban-users > > > > > > > > > -- > > > For more information, please reread. > > > > > > > > > > > ------------------------------------------------------------------------------ > > > > > _______________________________________________ > > > Fail2ban-users mailing list > > > [email protected] > > > https://lists.sourceforge.net/lists/listinfo/fail2ban-users > > > > If it is a banaction you still have the problem of handing it out to the > > other servers though. A small script could solve that problem, but best > > to avoid custom solutions. > > > > I ran into this same issue and ended up putting a little REST server on > > top of fail2ban (using the socket that fail2ban-client uses) and if > > something is banned on one server hit the API of all its siblings. > > > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > > Fail2ban-users mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/fail2ban-users > >
> ------------------------------------------------------------------------------ > _______________________________________________ > Fail2ban-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/fail2ban-users Of course! Sorry I didn't include it in the first place https://github.com/Sean-Der/fail2rest It then powers this basic fail2ban administration tool https://github.com/Sean-Der/fail2web I still 'actively' maintain it, but have been busy with other open source stuff ATM ------------------------------------------------------------------------------ _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
