If you have been running fail2Ban on a server or servers to block port probing for vulnerable services on servers and felt that high RAM usage and general log parsing a little bit taxing, you'll be excited to hear that fail2ban's creator has crafted a successor "Reaction" Read his overview of the problem area and solution here: https://blog.ppom.me/en-reaction/
"Reaction, on my server, on which a lot more logs are analyzed that only the SSH service, reaction (and all the commands it launches) consumes approximately 5 min of CPU a week and 25 MB of RAM. With equal task work, fail2ban used to consume 1 hour and 300 MB, namely 30 times more and 10 times more resources." https://framagit.org/ppom/reaction reaction A daemon that scans program outputs for repeated patterns, and takes action. A common usage is to scan ssh and webserver logs, and to ban hosts that cause multiple authentication errors. 🚧 This program hasn't received external audit. however, it already works well on my servers 🚧 RationaleI was using the honorable fail2ban since quite a long time, but i was a bit frustrated by its cpu consumption and all its heavy default configuration. In my view, a security-oriented program should be simple to configure and an always-running daemon should be implemented in a faster language. reaction does not have all the features of the honorable fail2ban, but it's ~10x faster and has more manageable configuration. 📽️ quick french name explanation 😉 🇬🇧 in-depth blog article / 🇫🇷 french version ConfigurationYAML and JSONnet (more powerful) are supported. both are extensions of JSON, so JSON is transitively supported.
Lastly, while this is v1 v2 is already in the works. As the audience forthis tool picks up, and audit of it should also be completed (but no target date at this point). |
Author: <see article>
These links serve as tributes to those who have written them. Please find contributor details in the links provided Archives
April 2024
Categories |