[CLUE-Tech] Auto blocking hosts w/ iptables

Collins Richey erichey2 at comcast.net
Thu Jul 29 13:42:51 MDT 2004


On Thu, 29 Jul 2004 10:47:57 -0700 (PDT)
Hani Duwaik <hduwaik at yahoo.com> wrote:

> Hello,
> 
> I'm looking for information regarding either of the following:
> 
> 1) A tool (script, application, module) that will monitor apache log
> files, detect attacks, and create an iptables rule to block traffic
> from offending hosts.
> 
> 2) A tool (or complete solution) that will take IDS logs and perform
> the same operation with iptables as described above.
> 
> I'm running gentoo linux and have a personal website I am using.  In
> the few days I've had it up, I've noticed several compromise attempts
> (though they were mostly for IIS).  For various reasons, I can't
> change the port apache runs on.  As such, I'd like to find a way to
> automatically block traffic from any host that tries to use known
> tools to compromise webservers.
> 

Have you looked at tenshi? From the advertising blurb, it looks like it
can do much of what you are seeking.

> http://www.gentoo.org/proj/en/infrastructure/tenshi/index.xml


-- 
 /\/\
( CR ) Collins Richey
 \/\/     fly Independence Air - they run Linux
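
A minimal version of the first tool asked about above, as an added example that is not part of the original thread and is not tenshi's code: it scans Apache access-log lines for IIS-targeted probe paths and builds iptables DROP rules for repeat offenders. The log lines, probe patterns, threshold and allowlist are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in Apache combined log format (not from the thread).
SAMPLE_LOG = """\
203.0.113.7 - - [29/Jul/2004:10:01:02 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 287 "-" "-"
203.0.113.7 - - [29/Jul/2004:10:01:03 -0600] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 301 "-" "-"
198.51.100.20 - - [29/Jul/2004:10:02:00 -0600] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [29/Jul/2004:10:02:09 -0600] "GET /docs/cmd.exe.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.99 - - [29/Jul/2004:10:03:00 -0600] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 280 "-" "-"
scanner.example.net - - [29/Jul/2004:10:04:00 -0600] "GET /scripts/root.exe HTTP/1.0" 404 287 "-" "-"
"""

# Client field and request path from one access-log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)')
# Assumed signatures for IIS-only resources that an Apache site never serves.
# Anchored on the file name so /docs/cmd.exe.html is not a false positive.
PROBE_RE = re.compile(
    r'/(?:cmd|root)\.exe(?:\?|$)|/default\.ida(?:\?|$)|^/_vti_bin/', re.I)

def offenders(log_text, threshold=2, allowlist=()):
    """Return sorted IPv4 addresses with at least `threshold` probe requests."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not PROBE_RE.search(m.group(2)):
            continue
        try:
            # With HostnameLookups on, this field is a reverse-DNS name the
            # client controls; only literal addresses may reach a firewall rule.
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
        if ip.version == 4 and str(ip) not in allowlist:
            hits[str(ip)] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)

def block_rules(ips, port=80):
    """Build iptables argv lists (not executed here) dropping web traffic."""
    return [["iptables", "-I", "INPUT", "-s", ip, "-p", "tcp",
             "--dport", str(port), "-j", "DROP"] for ip in ips]

if __name__ == "__main__":
    for rule in block_rules(offenders(SAMPLE_LOG)):
        print(" ".join(rule))
```

The threshold and allowlist keep a single stray request or your own address from producing a block rule; the rules are returned as argument lists so they can be reviewed before anything is passed to iptables.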





