At 3:44 PM -0400 10/6/07, david sent email regarding Re: Fail2Ban:
On Oct 6, 2007, at 3:14 PM, Marconi wrote:
If any of you are successfully using Fail2Ban on OS X, please
contact me off list. TIA
First: You are asking on-list. Not only is it polite but also
considerate, you might even say a whole lot less selfish,
not to expect private replies on a public list, let alone ask for
them.
Technically, it's OT so I asked that replies come off list.
Fair enough, but it would be less OT than other recent threads, and
you found the wherewithal to ask openly on the list, others might
benefit as well.
What version of OS X, 10.4 ? Since it uses neither netfilter nor
iptables (but ipfw),
"it" being 10.4.x? I'm using 10.4.10 and am trying to construct a
Fail2Ban "jail" to use ipfw. I'd hoped that someone had done so
previously
I'd like to know as well
and could assist me with the process.
And at that stage then you could've taken it off-list :)
it looks like you'll need to use tcpwrapper which 10.4 does not by
default. Perhaps there's good reason for it - others can speak to
that better than I.
Actually, OS X does use hosts.deny and hosts.allow, so it would
appear that tcpwrappers are functional.
Those files are not there by default and simply creating them won't
necessarily have the results you expect.
While tcpd is present, as one pertinent example: for ssh, you'll have
to edit the ssh launchd plist to use it and (potentially) TCP Wrappers.
See
www.infosecwriters.com/text_resources/pdf/securing-mac-os-x-tiger.pdf
