[triangle-zpug] Cool python security app

Geoff Davis geoff at geoffdavis.net
Tue Jun 28 01:08:37 CEST 2005


Hi all--

I rent a dedicated server which died over the weekend.  While diagnosing
the failure, I discovered a dictionary password cracking attempt in
progress -- there were thousands of failed attempts to log in to the
machine per day.

The cause of the failure turned out to be hardware related, but the
attack spurred me to beef up the machine's security.

First, I upgraded to Fedora Core 4 and enabled SELinux.  (Note: For
those of you running Plone behind Apache, I learned the hard way that
SELinux's targeted policy has a feature that breaks Apache's proxying.
You have to allow httpd scripts to access the network to restore
proxying.)

Second, I installed a little Python app called fail2ban:
http://fail2ban.sourceforge.net/

fail2ban watches logs you specify (/var/log/secure for Fedora) for
failed login attempts.  After a certain number of failed attempts (3 by
default), fail2ban will modify your firewall and lock out the offending
IP address for a specified period of time (10 minutes by default).  This
is pretty good protection against dictionary attacks since it slows them
down by several orders of magnitude and will probably make them time out
and give up.  The automated restoration of access keeps you from locking
yourself out completely.

Enjoy!

Geoff
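
The count-then-lock-out behaviour described in the message above, replayed over log lines. This is an added example, not fail2ban's code and not part of the original message; the function name `ban_events`, the assumed year and the sample log lines are constructed for illustration, and bans are recorded as events instead of being applied to a firewall.

```python
import re
from datetime import datetime, timedelta

# sshd lines in syslog format, as found in /var/log/secure.
LINE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?P<msg>.*)$")
FAILED = re.compile(r"^Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) ")

def ban_events(lines, max_failures=3, ban_time=timedelta(minutes=10), year=2005):
    """Replay log lines; return [(time, 'ban' or 'unban', ip), ...] in order."""
    failures, banned, events = {}, {}, []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is assumed.
        now = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        # Lift every ban whose time has run out before handling this line.
        for ip, until in sorted(banned.items(), key=lambda kv: kv[1]):
            if until <= now:
                events.append((until, "unban", ip))
                del banned[ip]
        f = FAILED.match(m["msg"])
        if not f or f["ip"] in banned:
            continue
        ip = f["ip"]
        failures[ip] = failures.get(ip, 0) + 1
        if failures[ip] >= max_failures:
            banned[ip] = now + ban_time
            failures[ip] = 0  # counting starts over once the ban is in place
            events.append((now, "ban", ip))
    return events

# Constructed sample input; addresses are from the documentation ranges.
SAMPLE = """\
Jun 27 03:14:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40001 ssh2
Jun 27 03:14:03 host sshd[2102]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Jun 27 03:14:04 host sshd[2103]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Jun 27 03:14:05 host sshd[2104]: Failed password for invalid user test from 203.0.113.7 port 40003 ssh2
Jun 27 03:14:30 host sshd[2105]: Accepted password for alice from 198.51.100.20 port 51001 ssh2
Jun 27 03:25:00 host sshd[2106]: Failed password for root from 203.0.113.7 port 40004 ssh2
""".splitlines()

if __name__ == "__main__":
    for when, action, ip in ban_events(SAMPLE):
        print(when.strftime("%b %d %H:%M:%S"), action, ip)
```

The single mistyped password from 198.51.100.20 never reaches the threshold, while the third failure from 203.0.113.7 produces a ban that is lifted ten minutes later.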



