Follow up: fail2ban AWS access controls
- Ben writes...
- In a recent episode, you discussed how fail2ban wouldn't work well in a broader system, such as connecting to DO firewall.
- I can tell you that fail2ban can support these things with some add-ons.
- With this plugin, fail2ban can change AWS's access control for the VPC, blocking access to the entire VPC.
- Additionally, another script can be used with fail2ban to ping a Slack channel when bans and unbans happen, to allow a DevOps team to keep an eye on things. This one has the handy feature of looking up country and ISP, which allows you to quickly see if you're blocking a Russian VPS (no problem), or an ATT IP in Kansas (something you might want to take a closer look at).
- Hope this helps.
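
The VPC-level ban described in Ben's note, sketched as an added example; this is not the plugin he refers to and not code from the show. It assumes a script path, a placeholder ACL id and a reserved range of rule numbers (all hypothetical), handles IPv4 only, and uses the AWS CLI's network ACL commands.

```shell
#!/bin/sh
# Hypothetical helper (added example): ban/unban one IPv4 address in a VPC network ACL.
# Assumed fail2ban action.d wiring (constructed path):
#   actionban   = /usr/local/bin/f2b-nacl.sh ban <ip>
#   actionunban = /usr/local/bin/f2b-nacl.sh unban <ip>
AWS="${AWS:-aws}"                     # overridable so the logic can be tested offline
ACL_ID="${ACL_ID:-acl-PLACEHOLDER}"   # placeholder: your network ACL id
FIRST="${FIRST:-1}"                   # bans sit below the allow rules (lowest number wins)
SLOTS="${SLOTS:-15}"                  # size of the rule-number range reserved for bans

valid_ipv4() {   # only dotted quads with octets 0-255 reach the AWS call
  printf '%s\n' "$1" | awk -F. 'NF == 4 {
      for (i = 1; i <= 4; i++)
        if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) exit 1
      exit 0 }
    { exit 1 }'
}

list_entries() { # prints "<rule number> <cidr>" for each inbound entry
  $AWS ec2 describe-network-acls --network-acl-ids "$ACL_ID" --output text \
    --query 'NetworkAcls[0].Entries[?Egress==`false`].[RuleNumber,CidrBlock]'
}

slot_of() {      # rule number in the reserved range already holding this address
  list_entries | awk -v c="$1/32" -v a="$FIRST" -v n="$SLOTS" \
    '$2 == c && $1 >= a && $1 < a + n { print $1; found = 1; exit }
     END { exit !found }'
}

free_slot() {    # lowest unused rule number in the reserved range
  list_entries | awk -v a="$FIRST" -v n="$SLOTS" '{ used[$1] = 1 }
    END { for (i = a; i < a + n; i++) if (!(i in used)) { print i; exit 0 }
          exit 1 }'
}

ban() {
  valid_ipv4 "$1" || { echo "invalid address: $1" >&2; return 2; }
  slot_of "$1" >/dev/null && return 0   # already banned: stay idempotent
  n=$(free_slot) || { echo "no free NACL slot for $1" >&2; return 1; }
  $AWS ec2 create-network-acl-entry --network-acl-id "$ACL_ID" --ingress \
    --rule-number "$n" --protocol=-1 --rule-action deny --cidr-block "$1/32"
}

unban() {
  valid_ipv4 "$1" || return 2
  n=$(slot_of "$1") || return 0         # nothing to remove
  $AWS ec2 delete-network-acl-entry --network-acl-id "$ACL_ID" --ingress --rule-number "$n"
}

case "${1:-}" in ban|unban) "$@" ;; esac
```

Network ACLs hold only a small number of entries (the default quota is 20 per direction), so the reserved range fills quickly; when it is full the script refuses the new ban instead of evicting an older one.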