We all know them: brute force attacks. Be it SSH, SMTP, IMAP, your favorite web application, ... they happen. And they happen all the time.
If you follow security best practices, they aren't necessarily a problem. Take SSH for example. Everybody knows you should disable password authentication. You can also restrict access to the SSH service in the firewall so that it only allows connections from your own IP addresses, but that can be annoying when you're travelling and your VPN connection is blocked by whatever shady network you're on. And while restricting IP access is possible for SSH, you can't really do that for a public service.
Enter Fail2ban. Most of you probably know Fail2ban already, and if you don't, you should look into it. Anyway, I'm not writing this post to promote Fail2ban, but to promote a tiny daemon I started working on very recently: vallumd.
I've had the idea to create something to share ban lists between Fail2ban instances in my head for quite some time, but due to lack of motivation, I never started working on it, until recently, when someone in the LEDE IRC channel asked if there was a tool to have Fail2ban on 2 Debian servers behind a LEDE router push the malicious IPs to the LEDE router instead.
And so vallumd was born. Written in C, to be small and lightweight, so that people can install it on their LEDE or OpenWrt routers, even if they only have 4MB of flash.
Don't expect many features, as I only started working on this a few days ago. But it works, and I've already deployed it on most of my machines, being a mix of LEDE, Gentoo, Debian and CentOS.
So if you're interested, have a look at the GitHub repo, give it a try, and let me know what you think. Happy blacklisting!