Steve Murphy
2014-08-25 06:31:04 UTC
Hello--
I've written a simple little package to allow a probe to be detected on any one of a set of machines, and have all the machines in the set apply the same ban immediately.
OSSEC does this, and I thought it might be cool to allow other packages like fail2ban, or psad, or whatever, to use a mechanism like this. All the package has to have is a command-line ability to "manually" apply a ban, and the ability to run an external script when a ban is executed. Psad has both these abilities (or will, in 2.2.4). In the meantime, I include a patch for existing code.
I've tested it out on a set of around 40 machines in a couple different clouds. Works well.
It's a bit raw and young, but it works well. Built on zeromq/czmq. All communications are encrypted. Three programs: banshare-server (one per set of clients), banshare-client (one per host running fail2ban/psad/etc.), and banshare-report (one per host running fail2ban/psad/etc.). A deployment scheme is included, or you can build your own.
Check it out! git clone https://github.com/WyoMurf/banshare.git
murf
--
Steve Murphy
ParseTree Corporation
57 Lane 17
Cody, WY 82414
murf at parsetree dot com
307-899-5535