fail2ban for OpenIndiana and friends
We have a bunch of Solaris boxes at work, and having fail2ban running on the Linux servers, I wanted that on the Solaris stuff as well. Fail2ban is a system tool that monitors login attempts by reading syslog logs, and adds rogue hosts to a ban list, either by using the system's firewall mechanism or good-old tcpwrappers. Services supported by default are ssh and some ftp servers, but it's really about adding some regex magick for new ones.
There was some work in progress for porting it to Solaris already, and I've based my work on it. I haven't done any packaging, but fail2ban now installs as a service and works on my installs. The attached patch applies to the current 0.8.4 version of fail2ban available from http://sourceforge.net/projects/fail2ban/files/. After patching, please see the file README.Solaris for info about how to install this.
I think this would be a nice addition to OI, as I don't think we have anything like this in the works.
Updated by Roy Sigurd Karlsbakk over 8 years ago
I vote for closing this ticket and rather spending time on denyhosts (see link above). Denyhosts is distributed and relies on using tcpwrappers (hosts.deny etc) instead of using platform-specific tools like iptables/ipf/ipt/whatever. Fail2ban can be used with tcpwrappers as well, but is not distributed, so if a host is compromised and starts crawling the net, fail2ban will allow a given number of attempts from the Bad Host for all installations.
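The mechanism described in the ticket (match failed logins in syslog with a regex, ban the source through tcpwrappers) and the per-installation counting raised in the comment, as an added example that is not code from fail2ban, denyhosts or the attached patch. The log lines, host names and message ID are constructed; the pooled run is an assumption standing in for any shared view, not denyhosts' actual synchronisation.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# sshd password failures; the optional "[ID ...]" tag is what Solaris syslogd prepends.
FAILREGEX = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?:\[ID [^\]]+\] )?"
    r"Failed \S+ for (?:invalid user )?\S+ from (?P<host>\d{1,3}(?:\.\d{1,3}){3}) "
)

def find_bans(lines, maxretry=3, findtime=600):
    """Return {host: ban time} for hosts with maxretry failures inside findtime seconds."""
    recent = defaultdict(deque)   # host -> timestamps of recent failures
    bans = {}
    for line in lines:
        m = FAILREGEX.match(line)
        if not m or m["host"] in bans:
            continue
        # syslog timestamps carry no year, so a fixed one is supplied for parsing
        ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
        window = recent[m["host"]]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry:
            bans[m["host"]] = ts
    return bans

def hosts_deny(bans, daemon="sshd"):
    """Render bans as tcpwrappers hosts.deny entries (daemon: client)."""
    return [f"{daemon}: {host}" for host in sorted(bans)]

# Constructed logs from two installations; 203.0.113.7 is a documentation address.
LOG_A = [
    "Nov 13 10:00:01 sol1 sshd[411]: [ID 800047 auth.info] Failed password for root from 203.0.113.7 port 40112 ssh2",
    "Nov 13 10:00:05 sol1 sshd[411]: [ID 800047 auth.info] Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2",
    "Nov 13 10:00:09 sol1 sshd[412]: [ID 800047 auth.info] Accepted publickey for roy from 198.51.100.4 port 51000 ssh2",
]
LOG_B = [
    "Nov 13 10:01:00 lnx1 sshd[977]: Failed password for root from 203.0.113.7 port 40200 ssh2",
    "Nov 13 10:01:04 lnx1 sshd[977]: Failed password for root from 203.0.113.7 port 40201 ssh2",
]

def compare():
    per_install = [find_bans(LOG_A), find_bans(LOG_B)]  # each box counts alone
    pooled = find_bans(LOG_A + LOG_B)                   # shared view, already in time order
    return per_install, hosts_deny(pooled)
```

Counted separately, neither installation reaches `maxretry` and nothing is banned; the pooled view sees four failures from the same address within about a minute and produces the hosts.deny entry.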