D-bus integration
Philipp Marek
philipp at marek.priv.at
Fri Apr 12 15:36:26 AEST 2024
> I was looking at the fail2ban project and had an idea that instead of
> parsing log files it could be possible to notify interested parties
> (like fail2ban) via (for instance) D-bus about a failed login attempt.
>
> Other application could also use this protocol to notify about suspect
> behaviors. A central functionality will allow for other (new) projects
> to integrate without much effort.
>
> What do you think?
Apart from the current trend of minimizing attach surface,
this would need some kind of queue in case the analyzer
was stopped, temporarily busy, or whatever.
I guess that should use stable storage instead of RAM
(to not go OOM just because of external events) -
and now we're at the current solution already,
with sshd logging to disk and fail2ban reading these files.
Sure, we might be able to ease parsing by dropping JSON
instead of text files -- but that would be _additional_ IO,
and the "problem" of parsing is already solved,
so it doesn't seem to be any real improvement.
More information about the openssh-unix-dev
mailing list