Fail2Ban (authentication failure monitor) is an intrusion prevention software, written in Python. Fail2Ban analyzes various services log files (ssh, apache, postfix etc) and if it detects possible attacks (mainly Brute-force attacks), it creates rules on the firewall (iptables and many others) or tcp wrappers (/etc/hosts.deny) to ban (temporarily or permanently) the wannabe hacker. Simultaneously, fail2Ban informs system administrator with email for its activity in real time.
Some activities which considered as attacks are: Read more
- A managed switch supporting SNMP
- Write access to the switch through SNMP
The idea behind this method is to either isolate the entire node or isolate the node from shared storage. The way this is done is to call the switch using the proper command to disable one or more port(s) on the switch and doing so effectively avoid the node from being able to start a VM or CT on the shared storage since no route will exists to the shared storage from the node. Restoring the access to the shared storage requires operator intervention on the switch or by running the fence command with the option to open the port(s) again. If the nodes are using bonding you need to disable the bridge aggregation on the switch and not the individual ports which is members of the bridge aggregation.