Follow up: fail2ban AWS access controls
ChrisLAS, Mar 20th, 2018
- Ben writes...
- In a recent episode, you discussed how fail2ban wouldn't work well in a broader system, such as connecting to DO firewall.
- I can tell you that fail2ban can support these things with some add-ons.
- With this plugin, fail2ban can change AWS's access control for the VPC, blocking access to the entire VPC.
- Additionally, another script can be used with fail2ban to ping a Slack channel when bans and unbans happen, to allow a devops team to keep an eye on things. This one has the handy feature of looking up country and ISP, which allows you to quickly see if you're blocking a Russian VPS (no problem), or an ATT IP in Kansas (something you might want to take a closer look at).
- Hope this helps.
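An added sketch, not part of Ben's message and not the plugin he refers to, of the planning step a VPC-level ban action needs: picking a free ingress rule number in the network ACL and building the `aws ec2` call for the address fail2ban passes as `<ip>`. The 1-49 deny range, the `acl-EXAMPLE` id and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: deny rules are kept in 1..49 so they are evaluated before the
# ACL's allow rules (network ACLs evaluate rules in ascending number order).
DENY_RANGE = range(1, 50)

def _ingress_denies(entries):
    """Map CIDR -> rule number for ingress deny rules inside DENY_RANGE."""
    return {e["CidrBlock"]: e["RuleNumber"] for e in entries
            if not e["Egress"] and e["RuleAction"] == "deny"
            and e["RuleNumber"] in DENY_RANGE and "CidrBlock" in e}

def plan_ban(entries, ip, acl_id):
    """Return argv for the ban, or None if the address is already denied.

    `entries` is the "Entries" list from `aws ec2 describe-network-acls`.
    """
    cidr = f"{ipaddress.IPv4Address(ip)}/32"  # raises ValueError on non-IPv4 input
    if cidr in _ingress_denies(entries):
        return None  # idempotent: fail2ban may re-ban after a restart
    used = {e["RuleNumber"] for e in entries if not e["Egress"]}
    free = next((n for n in DENY_RANGE if n not in used), None)
    if free is None:
        # ACLs have a small per-direction rule quota; fail loudly, never overwrite.
        raise RuntimeError("no free deny rule number; unban or aggregate first")
    return ["aws", "ec2", "create-network-acl-entry", "--network-acl-id", acl_id,
            "--ingress", "--rule-number", str(free), "--protocol", "-1",
            "--rule-action", "deny", "--cidr-block", cidr]

def plan_unban(entries, ip, acl_id):
    """Return argv removing the deny rule for `ip`, or None if there is none."""
    cidr = f"{ipaddress.IPv4Address(ip)}/32"
    number = _ingress_denies(entries).get(cidr)
    if number is None:
        return None
    return ["aws", "ec2", "delete-network-acl-entry", "--network-acl-id", acl_id,
            "--ingress", "--rule-number", str(number)]

# Constructed sample of an ACL's entries (documentation address ranges).
SAMPLE = [
    {"RuleNumber": 1, "Egress": False, "RuleAction": "deny", "CidrBlock": "203.0.113.7/32"},
    {"RuleNumber": 100, "Egress": False, "RuleAction": "allow", "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 2, "Egress": True, "RuleAction": "allow", "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Egress": False, "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"},
]

if __name__ == "__main__":
    print(plan_ban(SAMPLE, "198.51.100.9", "acl-EXAMPLE"))
    print(plan_unban(SAMPLE, "203.0.113.7", "acl-EXAMPLE"))
```

The argv lists are meant to be run without a shell, so the banned address is never interpolated into a command string.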