From: Kevin Z. <kev...@gm...> - 2020-09-10 18:11:51
On 9/3/20 12:37 AM, Kevin Buckley wrote:
> What I am thinking about is, rather than combining the two files,
> I weed out the duplicates from server B and, say, send a SIGnal
> to SSHGuard that causes it to read new IPs from a known location,
> poke them into the firewall, and add them to the live blacklist file.

It sounds like we're trying to accomplish two things here:

1. Teach SSHGuard how to re-load a blacklist file while running. It doesn't currently know how to do this. This will probably involve a not-too-difficult change to sshg-blocker.

2. For someone who runs multiple servers, it sounds like addresses that are blacklisted in one place should be blacklisted elsewhere. Perhaps you could have a central syslogd that all your servers log to where you run a "master" sshg-blocker instance. It could then issue sshg-fw-style commands to the individual servers via some authenticated IPC mechanism, be it secure socket, message queue/broker, etc.

It seems that the SSHGuard pieces are there. It would take some glue to put together a system like this.
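The "glue" sketched in point 2 of the message above, written out as an added example; this is not SSHGuard code and not something from the thread. A master signs each block decision with a fleet-wide HMAC key, and each receiving host verifies the signature, rejects stale or replayed commands, drops addresses it has already blocked (the duplicate-weeding step from the quoted mail), and emits a line in the shape of an sshg-fw backend command. The shared secret, the `block|addr|family|cidr|ts|nonce|mac` wire format, and the exact `block <addr> <family> <cidr>` output line are all assumptions made here; check the `sshg-fw-*` script of your SSHGuard version before feeding it anything.

```python
"""Added example, not SSHGuard's own code: the "glue" for point 2 in the
mail above, a master that relays block decisions to other hosts over an
authenticated channel, and a receiver that verifies them, drops replays,
and de-duplicates against what it has already blocked.

Assumptions (nothing here is taken from the thread or from SSHGuard):
  - a per-fleet shared secret, distributed out of band;
  - a wire format defined here: 'block|addr|family|cidr|ts|nonce|mac';
  - output lines shaped like sshg-fw backend commands, 'block <addr>
    <family> <cidr>'; check the sshg-fw-* script of your SSHGuard version.
"""
import hashlib
import hmac
import ipaddress
import secrets
import time

MAX_SKEW = 60  # seconds a signed command stays valid; bounds the replay window


def sign_block(key, addr, cidr=None, ts=None, nonce=None):
    """Master side: build a signed 'block' command for one address."""
    ip = ipaddress.ip_address(addr)  # reject junk before we sign it
    cidr = ip.max_prefixlen if cidr is None else cidr
    ts = int(time.time()) if ts is None else ts
    nonce = secrets.token_hex(8) if nonce is None else nonce
    body = f"block|{ip}|{ip.version}|{cidr}|{ts}|{nonce}"
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{mac}"


class Receiver:
    """Per-host side: verifies relayed commands and feeds a firewall backend."""

    def __init__(self, key, already_blocked=()):
        self.key = key
        self.seen_nonces = set()
        # addresses this host already has in its firewall / blacklist
        self.blocked = {ipaddress.ip_address(a) for a in already_blocked}

    def accept(self, msg, now=None):
        """Return an sshg-fw-style line to run, or None if the address is
        already blocked. Raises ValueError for forged, stale or replayed input."""
        body, _, mac = msg.rpartition("|")
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, expected):
            raise ValueError("bad MAC")  # checked first: nothing below touches unauthenticated data
        cmd, addr, family, cidr, ts, nonce = body.split("|")
        if cmd != "block":
            raise ValueError(f"unknown command {cmd!r}")
        now = int(time.time()) if now is None else now
        if abs(now - int(ts)) > MAX_SKEW:
            raise ValueError("stale command")
        if nonce in self.seen_nonces:
            raise ValueError("replayed command")
        self.seen_nonces.add(nonce)
        ip = ipaddress.ip_address(addr)
        if str(ip.version) != family or not 0 <= int(cidr) <= ip.max_prefixlen:
            raise ValueError("inconsistent address fields")
        if ip in self.blocked:
            return None  # the duplicate-weeding step from the thread
        self.blocked.add(ip)
        return f"block {ip} {family} {cidr}"


def try_accept(receiver, msg, now=None):
    """Return (fw_line, None) on success or (None, reason) on rejection."""
    try:
        return receiver.accept(msg, now), None
    except ValueError as exc:
        return None, str(exc)


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    # constructed sample: host B already blocks one address from its own log
    host_b = Receiver(key, already_blocked=["198.51.100.9"])
    for addr in ("203.0.113.7", "198.51.100.9", "2001:db8::5"):
        line, why = try_accept(host_b, sign_block(key, addr))
        print(addr, "->", line if line else f"skipped ({why or 'already blocked'})")
```

The order of checks matters: the MAC is verified before any field is parsed, so an unauthenticated peer cannot reach the parser or the nonce set, and the timestamp window plus the nonce set together keep a captured message from being replayed later to re-block (or, with a `release` command, un-block) an address. In a real deployment the nonce set needs pruning once entries are older than `MAX_SKEW`, and the key should be per fleet at minimum, since anyone holding it can make every host block any address.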