Fail2Ban
Snort
| Fail2Ban | Snort | |
|---|---|---|
| 57 | 2 | |
| 14,752 | 2,950 | |
| 2.6% | 1.7% | |
| 9.0 | 9.4 | |
| 9 days ago | 14 days ago | |
| Python | C++ | |
| GNU General Public License v3.0 or later | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Fail2Ban
-
Fighting bots by implementing fast TCP fingerprinting with eBPF
something like https://github.com/renanqts/xdpdropper or cilium's host firewall or https://github.com/boylegu/TyrShield exist or https://github.com/ebpf-security/xdp-firewall today and implement ebpf filter based firewalling.
Of these there is a sample integration for XDPDropper to fail2ban that never got merged https://github.com/fail2ban/fail2ban/pull/3555/files -- I don't think anyone else has really worked on that junction of functionality yet.
There's also wazuh which seems to package ebpf tooling up with a ton of detection and management components, but its not a simple to deploy as fail2ban.
-
Zero Trust, One Router: Hardening Your Home Lab Like a Cyber Fortress.
Fail2Ban: Stop brute-force attacks
-
Forget IPs: using cryptography to verify bot and agent traffic
Wasn't that the argument against https, namely, that it was too costly to run [1]? I also run fail2ban [2] in my servers and I rarely even notice it's there.
I'm not saying you should sit down with the iptables manual and start going through the logs, but I can see the idea taking off if all it takes is (say) one apt-get and two config lines.
[1] https://stackoverflow.com/questions/1035283/will-it-ever-be-...
[2] https://github.com/fail2ban/fail2ban
-
DigitalOcean blocks SMTP ports 465 and 587 since last month
Not a whole lot of a source to share, sorry.
Whenever registering/subscribing to some provider, I always use a new,unique email address. If/when that provider gets their user database leaked, after some time, spam starts rushing in. At that point, I change my email address in provider's records, and old one is moved to "spamtrap" alias on my server. Over the years, quite a few has accumulated - linkedin, yahoo, you name it...
Fail2ban [0] parses mail server logs, and I have a rule there, where source IP address of anything incoming to spamtrap, is looked up in whois and logged. Then, manual awk/grep/sort contraption is run periodically.
DO's AS14061 used to be consistently in top-3 spam sources, occasionally taking #1 spot.
[0] http://www.fail2ban.org/
-
One-Click Setup for SSH Login, Password Policy, IP Ban Configuration, and Custom Admin User Creation
IP Ban: Fail2ban
-
How to install and configure Fail2ban for protecting SSH and Nginx
First you need to install Fail2ban. Before installation please see official installation guide on GitHub. Maybe something has been changed after this article published.
-
The Ultimate NixOS Homelab Guide - Flakes, Modules and Fail2Ban w/ Cloudflare
Throughout this I'll be referring to these pages: https://nixos.wiki/wiki/Fail2ban https://github.com/dani-garcia/vaultwarden/wiki/Fail2Ban-Setup https://github.com/fail2ban/fail2ban/blob/master/config/action.d/cloudflare.conf
-
OpenSSH introduces options to penalize undesirable behavior
Impatient of what exactly? fail2ban is battle tested for well over a decade. It is also an active project with regular updates: https://github.com/fail2ban/fail2ban/commits/master/
-
Looking for a way to remote in to K's of raspberry pi's...
now some things you need to think about: - cloud init - this will need to be secure so lock it down hard anything not needed an alternative OS to look at if you have the ability's is https://www.alpinelinux.org/ also as these devices are not that powerfull every extra agent / abstaction layer you add impacts performance need to look at low over head security https://www.crowdsec.net/ and https://github.com/fail2ban/fail2ban (if you call fail2ban security) - using certificates to authenticate ssh login
- Fail2Ban
Snort
-
Cybersecurity/infosec tools
https://github.com/snort3/snort3 is a nice complicated one.
- Snort installation aborted
What are some alternatives?
Suricata - Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
crowdsec - CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
OSSEC - OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.