From: Patrick B. K. <p...@st...> - 2011-10-04 11:36:01
|
* Tom Hendrikx <to...@wh...>: > On 04/10/11 12:00, Patrick Ben Koetter wrote: > > What's next? Do we need more discussion? Should we start planning? Are we > > ready to go? > > > > I still don't see where this is going, or what is needed. Interaction > with an sql backend would be as easy as specifying an action like > > banaction = echo INSERT INTO bans (ip, jail, logs) VALUES (<ip>, <name>, > <evidence>) | psql fail2ban > > with an appropriate .pgpass file for the user running fail2ban. Sqlite > is even easier. Yes, I know that. > The only part that is missing, is that the evidence / log data is > currently not readily available from fail2ban. Yes. > Interacting with a sql backend directly from within fail2ban involves > including support for many (ok, some) backends and then maintaining > them, adding either configuration stuff to define the database scheme > (clumsy, verbose) or the need to commit to a specific predefined scheme > (never fits all use cases). > > The extreme flexibility that fail2ban already offers to implement things > like this, makes it IMHO not worthwhile to implement a specific interface. Agreed and I want to play with the flexibility and not against it. I don't know fail2ban as well as you do. That's why it takes me longer to understand and figure out where it should be going. Don't mistake that for ignorance. As I understand it at the moment, the only two things missing are 'log/evidence' and 'jail'. With these additional informations people are free to go. I for one would create a Python code based ban2sql action that can write to more than only one database product. And I would create a cron job that creates the necessary mails to report abuse. p@rick -- state of mind () http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht München Partnerschaftsregister PR 563 |