Current-Users archive
Re: Daily reporting blocklisted hosts
On 23-09-22 08:15, Brook Milligan wrote:
| It seems that enabling blocklistd on any internet-facing host is
| best practice, no? If so, it seems relevant that an admin might
| want to keep tabs on what is being blocked.
This proposal seems more than reasonable to me.
I have used similar functionality on other systems, such as fail2ban.
(While fail2ban has finer-grained per-service reporting, I'm not
advocating for scope creep in your proposal.)
| I propose adding a bit to /etc/daily to run "blocklistctl dump" as
| part of the daily tasks. Of course, it would be controlled by a
| variable, default off, in /etc/daily.conf, so current behavior would
| not change unless opted in. See the attached patch.
Looks ok. Bikeshed request - rename the variables. You currently have:
report_blocklist=NO
blocklistctl_flags=""
and for consistency it might be better as
report_blocklist=NO
report_blocklist_flags=""
?
| Bikeshed topic: should this be in /etc/security instead?
I have no preference either way.
cheers,
Luke.