Date: Sat, 8 Apr 2023 09:47:15 +0200 From: Andrea Venturoli <ml@netfence.it> To: Mel Pilgrim <list_freebsd@bluerosetech.com>, freebsd-ports@freebsd.org Subject: Re: security/portsentry removal Message-ID: <a8619455-ae93-6bfd-fc5e-b0f66d8ffde7@netfence.it> In-Reply-To: <3d779c56-236d-f18b-5ac0-71f6580bb498@bluerosetech.com> References: <0bfd94dd-5be3-6461-cb98-db1a1664e220@netfence.it> <3d779c56-236d-f18b-5ac0-71f6580bb498@bluerosetech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 4/8/23 04:56, Mel Pilgrim wrote: >> Can anyone suggest something equivalent in the port tree? > > Have a look at fail2ban. It's design intent is monitoring running > services, but really it's just a set of log file regex filters. Anything > that logs network activity can feed it. Hello and thanks for answering. In fact I'm already using fail2ban for "running" services. Portsenty is a bit different, in that it's conceived to listen on ports used by non-running services. I.e. Got a SMTP server? Let fail2ban check its logs. No? Let portsentry listen on port 25. I thought about writing regexes for fail2ban to check if ipfw denied access to ports where portsentry used to listen. So far it's the best idea I've come up with, but I hoped for something simpler (i.e. more close to how portsentry worked). bye & Thanks av.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a8619455-ae93-6bfd-fc5e-b0f66d8ffde7>