
You control what fail2ban does with said log data and what actually gets logged. There are better ways than fail2ban of course but it's not the worst solution on the planet.



If you're using regex to parse attacker-controlled files, I'm not entirely sure if you're in control.

Many unexpected things can happen. As a simple example, SSH can generate log entries like this:

  Jan 30 17:37:04 server sshd[26695]: Invalid user root from 127.0.0.1 from 10.0.0.1

The default rules can deal with this specific example, but this is certainly a path I wouldn't want to go down myself.
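The ambiguity in the log line quoted above, as an added example that is not part of the original comments and not fail2ban's own filter code: the user name field is supplied by the client, so a rule that takes the first `from <ip>` extracts a value the client chose, while a rule anchored to the end of the line extracts the address sshd appended. `NAIVE`, `STRICT` and the helper names are hypothetical, and the second and third sample lines are constructed.

```python
import re

# Line quoted in the thread: the client sent the user name
# "root from 127.0.0.1"; sshd appended the real peer, 10.0.0.1.
SAMPLE = ("Jan 30 17:37:04 server sshd[26695]: "
          "Invalid user root from 127.0.0.1 from 10.0.0.1")
# Constructed lines: an ordinary entry, and one with unexpected trailing text.
ORDINARY = "Jan 30 17:37:05 server sshd[26696]: Invalid user admin from 10.0.0.2"
TRAILING = "Jan  3 09:01:10 server sshd[311]: Invalid user x from 10.0.0.3 extra"

IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"

# Hypothetical naive rule: unanchored, so the first "from <ip>" wins,
# and that text sits inside the client-controlled user name.
NAIVE = re.compile(rf"Invalid user \S+ from (?P<host>{IPV4})")

# Hypothetical stricter rule: anchored at both ends. The greedy user group
# absorbs everything the client sent; only the final "from <ip>" (with the
# optional " port N" that newer OpenSSH versions append) is the host.
STRICT = re.compile(
    rf"^\w{{3}} [ \d]\d \d\d:\d\d:\d\d \S+ sshd\[\d+\]: "
    rf"Invalid user (?P<user>.*) from (?P<host>{IPV4})(?: port \d+)?$"
)


def extracted_host(line, rule):
    """Return the address the rule would act on, or None if it does not match."""
    m = rule.search(line)
    return m.group("host") if m else None


def compare(line):
    """Return (naive_result, strict_result) for one log line."""
    return extracted_host(line, NAIVE), extracted_host(line, STRICT)


if __name__ == "__main__":
    for line in (SAMPLE, ORDINARY, TRAILING):
        naive, strict = compare(line)
        print(f"naive={naive!s:<12} strict={strict!s:<12} {line}")
```

A line that does not fit the anchored pattern yields no match, so nothing is acted on for it.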



