What about Unix sockets? I have created my own server application that needs protection.

My two options:

  • Creating a log file for fail2ban to watch
  • Establish networking between my server application and fail2ban (Unix sockets)
m0p3r
  • Doesn't your application [already log](https://12factor.net/logs)? – Michael Hampton Aug 08 '18 at 17:21
  • Not yet; it's in early stages of development. However, it will - and fail2ban will be able to watch it. My question relates to why limit fail2ban only to log files. There could definitely be a standardized net protocol. – m0p3r Aug 08 '18 at 17:27
  • fail2ban can also read the systemd journal. So logfiles are not strictly necessary. – Michael Hampton Aug 08 '18 at 17:30
  • The log is standard, BSD, Unix, Windows, etc. It was done to be easy to adapt to, is my guess – yagmoth555 Aug 08 '18 at 17:36

1 Answer

fail2ban does not monitor Unix sockets; it only works with logfiles. The rationale is probably:

  • logging is easy: you can not only log to a custom file, but also tap into syslog/journal with very little effort;

  • plain text logs are very handy when you are creating/verifying custom fail2ban regex/rules;

  • Unix sockets can be used for a multitude of communication protocols, while a plain log file is very "direct" about its content and format rules;

  • finally, in the *nix world logging is mostly done with standard text files. Why deviate from such (good!) behavior?

shodanshok
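
The log-file route from the question, as an added example that is not part of the original thread: the application writes one fixed-layout line per failed login, and an anchored expression for a filter's `failregex` option picks out the client address. The name `myapp`, the log path and the line layout are assumptions, and `matched_host` is a local IPv4-only approximation of fail2ban's matching, not fail2ban code.

```python
import ipaddress
import logging
import re

# Assumptions for this sketch: the application name "myapp", the log path
# and the line layout are made up; only the idea (log failures, let fail2ban
# match them) comes from the thread.
DATEFMT = "%Y-%m-%d %H:%M:%S"
LINEFMT = "%(asctime)s myapp: %(message)s"

# Expression for the failregex option of a fail2ban filter file. It is
# anchored at both ends and the address comes before the user-supplied field.
FAILREGEX = r"^\s*myapp: auth failure from <HOST> user=\S*$"


def failure_message(client_ip: str, user: str) -> str:
    """Build the one-line message for a failed login."""
    ip = ipaddress.ip_address(client_ip)  # raises ValueError on junk
    # The user name is attacker-controlled: replace whitespace and control
    # characters so it cannot start a second, forged log line.
    safe_user = re.sub(r"[^\x21-\x7e]", "_", user)[:64]
    return f"auth failure from {ip} user={safe_user}"


def make_logger(path: str) -> logging.Logger:
    """Logger that writes the layout above to `path`."""
    handler = logging.FileHandler(path)
    handler.setFormatter(logging.Formatter(LINEFMT, DATEFMT))
    logger = logging.getLogger("myapp.auth")
    logger.addHandler(handler)
    logger.setLevel(logging.INFO)
    return logger


def matched_host(line: str):
    """Local stand-in for fail2ban's matching, IPv4 only: strip the
    timestamp, expand <HOST>, return the captured address or None."""
    rest = re.sub(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d", "", line)
    pattern = FAILREGEX.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})")
    m = re.match(pattern, rest)
    return m.group("host") if m else None
```

Before enabling a jail, the real filter file can be checked against the real log with the `fail2ban-regex` tool.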