Using fail2ban with CoreOS
1,881 views
Skip to first unread message
Andrew Dunham
Oct 11, 2014, 5:21:57 PM10/11/14
to coreo...@googlegroups.com
Hi there,
I'm running a CoreOS droplet on DigitalOcean, and I'm seeing a large number of brute-force SSH attacks. I'm using SSH key-based auth, so it's not a huge concern, but I'd like to install something like fail2ban on the droplet to help with this. Has anyone had any experience getting this to work? Alternatively, does anyone know of a way to get fail2ban to run inside a Docker container and still properly manage the host? I suspect that running with --privileged --net="host" might help, but my initial experimenting hasn't got anything working.
Any additional thoughts are appreciated :-)
Thanks,
--Andrew D
I'm running a CoreOS droplet on DigitalOcean, and I'm seeing a large number of brute-force SSH attacks. I'm using SSH key-based auth, so it's not a huge concern, but I'd like to install something like fail2ban on the droplet to help with this. Has anyone had any experience getting this to work? Alternatively, does anyone know of a way to get fail2ban to run inside a Docker container and still properly manage the host? I suspect that running with --privileged --net="host" might help, but my initial experimenting hasn't got anything working.
Any additional thoughts are appreciated :-)
Thanks,
--Andrew D
Justin Tulloss
Jan 25, 2015, 2:40:25 PM1/25/15
to coreo...@googlegroups.com
I also would like some way of doing this. There's an attempt here: https://github.com/ianblenke/docker-fail2ban/commits/master, but it appears that the author never got it working.
Chao Zhong
Sep 24, 2015, 11:43:51 PM9/24/15
to CoreOS User
yes I'm consider of this problem too, also I want to check some output from docker to see if some one attack/abuse the app in the docker, and then ban them, don't know how CoreOS solved these problem
Seán C. McCord
Sep 25, 2015, 9:24:49 AM9/25/15
to Chao Zhong, CoreOS User
--
You received this message because you are subscribed to the Google Groups "CoreOS User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to coreos-user...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
Seán C McCord
CyCore Systems, Inc
Seán C. McCord
Sep 25, 2015, 9:28:39 AM9/25/15
to Chao Zhong, CoreOS User
For processing of application/docker-oriented logs, use log aggregation (such as by logstash) and direct potential problems to a separate service (such as those listed here: https://www.elastic.co/guide/en/logstash/current/output-plugins.html)
Nick Owens
Sep 29, 2015, 3:48:17 PM9/29/15
to CoreOS User, cppg...@gmail.com
amazing, i didn't think anyone would use this :-) i hope it's working well for you.
Seán C. McCord
Sep 29, 2015, 4:04:17 PM9/29/15
to Nick Owens, CoreOS User, cppg...@gmail.com
Nick,
I do, indeed, and it works beautifully. It's a nice, simple, and non-invasive solution. Thanks a lot!
Jay Mikhail
Jun 27, 2016, 8:21:03 AM6/27/16
to CoreOS User, cppg...@gmail.com
Seems awesome to me as well
Reply all
Reply to author
Forward
0 new messages