
1.4 Fail2Ban

Tony edited this page Jun 24, 2017 · 4 revisions

Overview

Fail2Ban is a great little utility created by Cyril Jaquier. It runs in the background and monitors various log files for malicious activity. It responds by modifying the firewall rules to block any inappropriate activity.

More information can be found on Wikipedia, on the Fail2Ban project web site, or right here on GitHub.

A custom filter has been added to the Fail2Ban default filters to specifically monitor the Apache log files for failed logon attempts to the alarm system. If three failed logons are detected within a 5 minute interval, the offending IP address gets blocked.

The blocking activity is integrated with the alarm system by means of a custom script. This informs the alarm system daemon that an IP has been blocked, and the alarm system treats the event as a security breach. The banning event is logged, and an email is sent.
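To make the policy above concrete, here is an added Python model of what the custom filter and jail do (this is illustrative code written for this page, not the project's own Fail2Ban filter, script or jail configuration). It scans Apache access-log lines for the "GET /failed.php HTTP/1.1" phrase, counts failures per source IP within a sliding 5 minute window, bans an IP on the third failure, and models the 10 minute automatic unban. The log lines and IP addresses are constructed sample data.

```python
"""Windowed failed-logon detector modelled on the page's Fail2Ban policy.

Added example, not the project's own filter. Policy: 3 requests to
/failed.php from one IP within 5 minutes -> ban; bans lapse after 10 minutes.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache combined log prefix: ip ident user [timestamp] "request"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')

FAIL_MARK = "GET /failed.php HTTP/1.1"   # phrase the page says marks a failed logon
MAX_RETRY = 3                            # failures that trigger a ban
WINDOW = timedelta(minutes=5)            # findtime: window the failures must fall in
BAN_TIME = timedelta(minutes=10)         # bantime: "wait 10 minutes" on the page

# Constructed sample log; 203.0.113.7 fails three times in under 5 minutes,
# 198.51.100.4 fails three times but 10 minutes apart and must NOT be banned.
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Jun/2017:10:00:01 +0000] "GET /failed.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [24/Jun/2017:10:01:30 +0000] "GET /failed.php HTTP/1.1" 200 512',
    '198.51.100.4 - - [24/Jun/2017:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 2048',
    '203.0.113.7 - - [24/Jun/2017:10:03:45 +0000] "GET /failed.php HTTP/1.1" 200 512',
    '198.51.100.4 - - [24/Jun/2017:10:10:00 +0000] "GET /failed.php HTTP/1.1" 200 512',
    '198.51.100.4 - - [24/Jun/2017:10:20:00 +0000] "GET /failed.php HTTP/1.1" 200 512',
    '198.51.100.4 - - [24/Jun/2017:10:30:00 +0000] "GET /failed.php HTTP/1.1" 200 512',
]


def parse_line(line):
    """Return (ip, timestamp, request) for a combined-log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("req")


def find_bans(lines, max_retry=MAX_RETRY, window=WINDOW):
    """Map each IP that should be banned to the time its ban started."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    banned = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, req = parsed
        if req != FAIL_MARK or ip in banned:
            continue
        q = recent[ip]
        q.append(ts)
        # Drop failures older than the window before counting.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= max_retry:
            banned[ip] = ts
    return banned


def ban_expired(ban_time, now, bantime=BAN_TIME):
    """True once the automatic unban interval has elapsed."""
    return now - ban_time >= bantime


if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} at {when.isoformat()} until {(when + BAN_TIME).isoformat()}")
```

Running it reports a single ban for 203.0.113.7 starting at 10:03:45; the slow-rate failures from 198.51.100.4 never accumulate three hits inside one 5 minute window, which is exactly the behaviour the findtime setting is meant to give.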

Unblocking an IP

There are at least two ways of doing this...

1) The quick way

This involves removing the logon failures from the Apache logs and restarting the Fail2Ban daemon. Log on to your Raspberry Pi and from the console:

    sudo nano /var/log/apache2/access.log

Scroll down to the end of the file and delete the lines that contain the phrase "GET /failed.php HTTP/1.1", then save the file and exit the editor.

    sudo service fail2ban restart

Then in your browser you will also need to delete the cookies.

2) The easy way

Just wait 10 minutes and Fail2Ban will unblock the IP address automatically, and the browser cookies will expire.