ossf / security-reviews

A community collection of security reviews of open source software components.
https://openssf.org

Fail2Ban security review #55

Closed kevinbackhouse closed 3 years ago

kevinbackhouse commented 3 years ago

I recently audited Fail2ban for security issues and wrote a blog post about it. I did not find any exploitable vulnerabilities.

Amir-Montazery commented 3 years ago

Thank you for the addition, Kevin! I like how you illustrated what you did in the blog post article; it was an interesting read! The checks can be a little nit-picky, so let me know if you're having trouble with that. I believe the scope can either be "non-implementation" or "Implementation/Full" or "Implementation/Partial".

david-a-wheeler commented 3 years ago

This is great! You mentioned that the "defenses against command injection attacks from a local attacker are not as good as they could be". I think we should add this review no matter what, but it'd be great if there were another sentence or two explaining what was meant by that.