Subj : preventing brute force attempts on privleged ports
To   : Beanzilla
From : bugz
Date : Fri Apr 09 2021 05:58 pm

-=> Beanzilla wrote to tonic <=-

 Be> I would figure both SSHGuard and Fail2Ban could work, or at least do
 Be> something, in my case I was explicitly targeting when Enigma dumps to
 Be> it's logs invalid usernames.

Unfortunately, fail2ban doesn't parse json logs.  Doesn't look like 
are going to be adding that anytime/if ever.  You're stuck using
regex to parse the logs.  Ugh!  https://xkcd.com/1171/

ENiGMA logs are json, so it looks like your code is a good option.

You even use the fancy inotify.  

Take care,
bugz

.... You've been leading a dog's life. Stay off the furniture.

--- MultiMail/Linux v0.52
                                                                                          

--- Talisman v0.17-dev (Linux/x86_64)
 * Origin: HappyLand v2.0 - telnet://happylandbbs.com:11892/ (21:1/182)

.