Maybe this (putting login success/failure notifications onto D-bus) would be a good thing for a PAM plugin to handle.

-Travis

> Gregory Seidman wrote in
> <ZhiabssA26w1CDDz@xxxxxxxxxxxxx>:
> |Given the most recent security scare with distribution-patched sshd having
> |a backdoor because it indirectly linked to xz, I'd expect sentiment to be
> |strongly against adding any integrations.
> |
> |While there is some utility to what you are suggesting, maybe it makes more
> |sense to split apart the fail2ban log parsing from its jail functionality
> |and use it to parse logs onto D-bus. Let's keep sshd as simple and secure
> |as it can be.
>
> There is blacklistd, now, for asylumatic read and golden yellow
> reasons, blocklistd. It does this for a decade.
> Part of FreeBSD and originally from Christos Zoulas, NetBSD.
> (Though, last i looked, it really only notifies failed login
> attempts.)
> I do agree strongly, in that i personally very much think so, that
> recreating state from parsing log files is an atrocity. Ie, for
> the purpose of filtering out bad actors at least, for interacting
> with the firewall that is, *live* and for operational purposes
> that is, lastly.
> Granted there are deep-inspecting firewalls and such which look
> into protocols; i think all Microsoft Virus stuff works like this,
> and Kaspersky is no longer allowed to do so, if i got this right.
> I dunno, as can be seen.
>
> --steffen
> |
> |Der Kragenbaer,                The moon bear,
> |der holt sich munter           he cheerfully and one by one
> |einen nach dem anderen runter  wa.ks himself off
> |(By Robert Gernhardt)
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev