Hello all,

May I add my 2 cents ...

I had the same problem some months ago, so I developed log2table (
http://vincentdelft.be/post/post_20170517),
which has the same idea as fail2ban.
It's a Python script with no specific requirements, except some entries in
doas.conf.

The added value is that you can ban a bad IP based on the different actions
it is doing on your machine (ssh, http, ...).
In short, every attack gives a "weight" (you decide in the config file) and
when the threshold is reached the IP is blocked (1 hour in my config).

rgds


On Mon, Oct 30, 2017 at 10:31 AM, Kamil Cholewiński <harry6...@gmail.com>
wrote:

> On Mon, 30 Oct 2017, Gregory Edigarov <ediga...@qarea.com> wrote:
> > On 29.10.17 03:20, x9p wrote:
> >>
> >> Coming from the Linux world, I wonder if there is a better alternative
> >> to fail2ban, already being used in OpenBSD servers by the majority.
> >>
> > I suggest you NEVER use such "solutions". It's a security-by-obscurity
> > model, and therefore a bad, very very bad thing.
> > You'd be much safer completely turning off password authentication,
> > using keys instead.
>
> Throttling brute-force attack attempts is usually Good. Passwords are
> one thing to try forcing, but there may be other undiscovered (or
> unpatched) vulns, like the Debian key fiasco or such.
>
> Of course, if it actually made sense, OpenBSD would probably ship it as
> a default ;)
>
> <3,K.
>
>
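
The weighted scoring described in the message above, as an added example that is not log2table's code and not part of the original e-mail. The patterns, weights, threshold, 10-minute scoring window and log lines are all assumptions constructed for illustration; only the 1-hour block comes from the message.

```python
import re
from datetime import datetime, timedelta

# Assumed rules: (service, regex with an "ip" group, weight). IPv4 only.
RULES = [
    ("ssh", re.compile(r"sshd\[\d+\]: Failed password for .* from (?P<ip>[\d.]+)"), 3),
    ("ssh", re.compile(r"sshd\[\d+\]: Invalid user \S+ from (?P<ip>[\d.]+)"), 5),
    ("http", re.compile(r'httpd\[\d+\]: (?P<ip>[\d.]+) .* "GET /wp-login\.php[^"]*" 404'), 4),
]
THRESHOLD = 10                  # assumed score at which an address is blocked
BAN_TIME = timedelta(hours=1)   # "1 hour in my config"
WINDOW = timedelta(minutes=10)  # assumed: older hits no longer count

# Constructed log lines: ISO timestamp, host, then the daemon message.
SAMPLE = [
    "2017-10-30T10:00:01 gw sshd[411]: Failed password for root from 203.0.113.7 port 4022 ssh2",
    '2017-10-30T10:00:05 gw httpd[502]: 203.0.113.7 - - "GET /wp-login.php HTTP/1.1" 404 0',
    "2017-10-30T10:00:09 gw sshd[411]: Invalid user admin from 203.0.113.7 port 4023",
    "2017-10-30T10:00:30 gw sshd[412]: Failed password for bob from 198.51.100.9 port 5000 ssh2",
    "2017-10-30T10:30:00 gw sshd[413]: Failed password for bob from 198.51.100.9 port 5001 ssh2",
]

def evaluate(lines):
    """Return {ip: block expiry} for each address whose score reached THRESHOLD."""
    hits = {}  # ip -> [(time, weight)] still inside WINDOW
    bans = {}  # ip -> datetime at which the block ends
    for line in lines:
        stamp, _, rest = line.partition(" ")
        now = datetime.fromisoformat(stamp)
        for _service, pattern, weight in RULES:
            match = pattern.search(rest)
            if not match:
                continue
            ip = match.group("ip")
            if ip in bans and now < bans[ip]:
                break  # already blocked, nothing more to score
            recent = [(t, w) for t, w in hits.get(ip, []) if now - t <= WINDOW]
            recent.append((now, weight))
            hits[ip] = recent
            # Scores from different services add up for the same address.
            if sum(w for _, w in recent) >= THRESHOLD:
                bans[ip] = now + BAN_TIME
                hits[ip] = []
            break  # first matching rule wins for this line
    return bans

if __name__ == "__main__":
    for ip, until in evaluate(SAMPLE).items():
        print(f"block {ip} until {until.isoformat()}")
```

In the sample, 203.0.113.7 reaches 12 points across ssh and http within nine seconds and is blocked, while 198.51.100.9 stays at 3 points because its two failures are 30 minutes apart.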
