Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Daily reporting blocklisted hosts

On 23-09-22 08:15, Brook Milligan wrote:
  | It seems that enabling blocklistd on any internet-facing host is
  | best practice, no?  If so, it seems relevant that an admin might
  | want to keep tabs on what is being blocked.

This proposal seems more than reasonable to me.

I have used similar functionality on other systems, such as fail2ban.
(While fail2ban has finer-grained per-service reporting, I'm not
advocating for scope creep in your proposal.)

  | I propose adding a bit to /etc/daily to run "blocklistctl dump" as
  | part of the daily tasks.  Of course, it would be controlled by a
  | variable, default off, in /etc/daily.conf, so current behavior would
  | not change unless opted in.  See the attached patch.

Looks ok. Bikeshed request - rename the variables. You currently have:
and for consistency it might be better as

  | Bikeshed topic: should this be in /etc/security instead?

I have no preference either way.


Home | Main Index | Thread Index | Old Index