Gregory Seidman wrote in
<ZhiabssA26w1CDDz at peterbilt.lan>:
|Given the most recent security scare with distribution-patched sshd having
|a backdoor because it indirectly linked to xz, I'd expect sentiment to be
|strongly against adding any integrations.
|
|While there is some utility to what you are suggesting, maybe it makes more
|sense to split apart the fail2ban log parsing from its jail functionality
|and use it to parse logs onto D-bus. Let's keep sshd as simple and secure
|as it can be.
There is blacklistd, now, for asylumatic read and golden yellow
reasons, blocklistd. It has done this for a decade.
Part of FreeBSD and originally from Christos Zoulas, NetBSD.
(Though, last I looked, it really only notifies failed login
attempts.)
I do agree strongly, in that I personally very much think so, that
recreating state from parsing log files is an atrocity. I.e., for
the purpose of filtering out bad actors at least, for interacting
with the firewall that is, *live* and for operational purposes
that is, lastly.
Granted there are deep-inspecting firewalls and such which look
into protocols; I think all Microsoft Virus stuff works like this,
and Kaspersky is no longer allowed to do so, if I got this right.
I dunno, as can be seen.
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)