Feature #228

fail2ban for OpenIndiana and friends

Added by Roy Sigurd Karlsbakk almost 9 years ago. Updated about 8 years ago.

Status: Closed
Priority: Low
Assignee:
Category: OI-Userland
Target version:
Start date: 2010-09-18
Due date: 2011-09-17
% Done: 0%
Estimated time: 1.00 h
Difficulty: Medium
Tags: fail2ban

Description

Hi all

We have a bunch of Solaris boxes at work, and having fail2ban running on the Linux servers, I wanted that on the Solaris stuff as well. Fail2ban is a system tool that monitors login attempts by reading syslog logs, and adds rogue hosts to a ban list, either by using the system's firewall mechanism or good-old tcpwrappers. Services supported by default are ssh and some ftp servers, but it's really about adding some regex magick for new ones.

There was some work in progress for porting it to Solaris already, and I've based my work on this. I haven't done any packaging, but fail2ban now installs as a service and works on my installs. The attached patch applies to the current 0.8.4 version of fail2ban available from http://sourceforge.net/projects/fail2ban/files/. After patching, please see the file README.Solaris for info about how to install this.

I think this would be a nice addition to OI, as I don't think we have anything like this in the works.

Any comments?

roy


Files

fail2ban-solaris.patch (10.6 KB) Roy Sigurd Karlsbakk, 2010-09-18 07:11 AM
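
The mechanism the description outlines (count failed logins in syslog, then ban the host through tcpwrappers), as an added example; it is not code from fail2ban or from the attached patch. The log lines are constructed, and the function names, the threshold values and the assumed year are choices made for this illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH syslog format (not taken from the ticket).
SAMPLE_LOG = """\
Sep 18 07:10:01 host1 sshd[101]: Failed password for root from 203.0.113.7 port 4101 ssh2
Sep 18 07:10:03 host1 sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 4102 ssh2
Sep 18 07:10:04 host1 sshd[103]: Accepted password for roy from 198.51.100.20 port 5000 ssh2
Sep 18 07:10:06 host1 sshd[104]: Failed password for root from 203.0.113.7 port 4103 ssh2
Sep 18 07:12:00 host1 sshd[105]: Failed password for roy from 198.51.100.20 port 5001 ssh2
Sep 18 09:30:00 host1 sshd[106]: Failed password for roy from 198.51.100.20 port 5002 ssh2
Sep 18 11:45:00 host1 sshd[107]: Failed password for roy from 198.51.100.20 port 5003 ssh2
"""

# The address is anchored to the end of the line, so text inside the
# user-name field can never be taken for the source address.
FAILURE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.+ from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def hosts_to_ban(log_text, maxretry=3, findtime=600, year=2010):
    """Return IPs with >= maxretry failures inside a findtime-second window."""
    recent = defaultdict(deque)  # ip -> failure timestamps still in the window
    banned = []
    for line in log_text.splitlines():
        m = FAILURE.match(line)
        if not m:
            continue
        # syslog omits the year; supplying one is an assumption of this example
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > timedelta(seconds=findtime):
            window.popleft()  # drop failures that have aged out
        if len(window) >= maxretry and m["ip"] not in banned:
            banned.append(m["ip"])
    return banned

def hosts_deny_entries(ips, daemon="sshd"):
    """Render tcpwrappers rules, one per banned host, for /etc/hosts.deny."""
    return [f"{daemon}: {ip}" for ip in ips]

if __name__ == "__main__":
    print("\n".join(hosts_deny_entries(hosts_to_ban(SAMPLE_LOG))))
```

The second host fails three times as well, but hours apart, so it never reaches the threshold inside one window.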

History

#1

Updated by Albert Lee over 8 years ago

  • Category deleted (Security)
  • Priority changed from Normal to Low

Triaging feature request. A spec file can be submitted to OIAC and/or SFE to address this.

#2

Updated by Matt Wilby over 8 years ago

  • Category set to 10

#3

Updated by Chris Jordan about 8 years ago

  • Assignee set to OI SFW
  • Difficulty set to Medium
  • Tags set to fail2ban

Assigning this to "OI SFW" since it has not been assigned to anyone.

#4

Updated by Roy Sigurd Karlsbakk about 8 years ago

To be honest, I'm not sure if this is worth the task. http://denyhosts.sourceforge.net/ is probably better for this, and easier to implement.

roy

#5

Updated by Ken Mays about 8 years ago

  • Status changed from New to Closed

Closed. Moved to pkg build/SFE project. Out of scope for core OI project.

#6

Updated by Ken Mays about 8 years ago

  • Category changed from 10 to 35
  • Status changed from Closed to New
  • Assignee changed from OI SFW to OI Userland
  • Target version set to oi_151_stable

Moved to oi-build project.

#7

Updated by Roy Sigurd Karlsbakk about 8 years ago

I vote for closing this ticket and rather spending time on denyhosts (see link above). Denyhosts is distributed and relies on using tcpwrappers (hosts.deny etc) instead of using platform-specific tools like iptables/ipf/ipt/whatever. Fail2ban can be used with tcpwrappers as well, but is not distributed, so if a host is compromised and starts crawling the net, fail2ban will allow a given number of attempts from the Bad Host for all installations.

roy

#8

Updated by Ken Mays about 8 years ago

  • Due date set to 2011-09-17
  • Status changed from New to Closed
  • Estimated time set to 1.00 h

We will review adding denyhosts as part of our SFE repo. Closing ticket per reporter's request.
