Y
Hacker News
new
|
ask
|
show
|
jobs
by
bdamm
2326 days ago
fail2ban is saving my bacon right now.
1 comments
ryanlol
2326 days ago
From what? Generally fail2ban only exposes unnecessary attack surface while providing zero benefit.
link
omgwtfbyobbq
2326 days ago
How does fail2ban expose attack surface?
link
detaro
2326 days ago
It's code running on partially attacker-controlled inputs. It several times had vulnerabilities that allowed an attacker to trigger blocks for arbitrary IPs.
link
cyc115
2326 days ago
I remember there's a privEsc on old versions of fail2ban.
link
omgwtfbyobbq
2324 days ago
Do you remember roughly when the privEsc was?
https://www.cvedetails.com/vulnerability-list/vendor_id-5567...
link
ryanlol
2325 days ago
Sketchy parsers operating on untrusted, unstructured log data.
fail2ban is worse than useless.
link