gregewing / sshd

sshd with logging to syslog on host (works with docker-fail2ban)

Could we get in touch? #1

Open klausagnoletti opened 3 years ago

klausagnoletti commented 3 years ago

I am really interested in hearing more about how you use fail2ban and docker. I am working on a FOSS project aiming to provide a modern, crowd-sourced fail2ban called CrowdSec (https://crowdsec.net/) so I am sure I could get inspiration from you and your use cases here.

Thanks and have a great day!

gregewing commented 3 years ago

Hi Klaus, I really only use it to protect my home network, as I have services that I expose to the internet from here.

Thanks and Regards Greg Ewing



klausagnoletti commented 2 years ago

Sorry, for some reason I didn't see your reply before now :-)

Thanks for your reply. Which services do you use f2b to protect? Just sshd or how?

/klaus

gregewing commented 2 years ago

Hi, not sure what to tell you really. I use a separate container for fail2ban and for each other application that I run, such as sshd, httpd, etc. I allow the fail2ban daemon to see the log files from the containers that it manages, and I allow fail2ban to manage the firewall on the host, thereby managing access to specific containers.

Would your project provide a crowd-sourced list of untrusted IP addresses/subnets that would be blocked by subscribers' fail2ban instances? I'm aware that there are services similar to this already... however I don't use these as I'm aware that the use cases for IPs I might want to block may be different from those that others would want to block.