Gregory Seidman wrote in <ZhiabssA26w1CDDz@xxxxxxxxxxxxx>:
|Given the most recent security scare with distribution-patched sshd having
|a backdoor because it indirectly linked to xz, I'd expect sentiment to be
|strongly against adding any integrations.
|
|While there is some utility to what you are suggesting, maybe it makes more
|sense to split apart the fail2ban log parsing from its jail functionality
|and use it to parse logs onto D-bus. Let's keep sshd as simple and secure
|as it can be.

There is blacklistd, now, for asylumatic read and golden yellow reasons, blocklistd. It does this for a decade. Part of FreeBSD and originally from Christos Zoulas, NetBSD. (Though, last i looked, it really only notifies failed login attempts.)

I do agree strongly, in that i personally very much think so, that recreating state from parsing log files is an atrocity. Ie, for the purpose of filtering out bad actors at least, for interacting with the firewall that is, *live* and for operational purposes that is, lastly.

Granted there are deep-inspecting firewalls and such which look into protocols; i think all Microsoft Virus stuff works like this, and Kaspersky is no longer allowed to do so, if i got this right. I dunno, as can be seen.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev