[CentOS] Looking for recommendations for blocking hacking attempts
Ron Loftin
reloftin at twcny.rr.com
Thu Jul 9 15:16:00 UTC 2009
On Thu, 2009-07-09 at 09:56 -0500, Neil Aggarwal wrote:
> Hello:
>
> I have been looking into projects that will automatically
> restrict hacking attempts on my servers running CentOS 5.
>
> I think the two top contenders are:
> DenyHosts - http://denyhosts.sourceforge.net
> Fail2ban - http://www.fail2ban.org
>
> >From what I see, DenyHosts only blocks based on failed
> SSH attempts whereas Fail2ban blocks failed attempts
> for other access as well.
That is incorrect. Denyhosts has a config option named "BLOCK_SERVICE"
which can be set to "ALL". Check out the description included in the
sample config file.
I have been using Denyhosts for at least 3 years now, and been satisfied
enough with it that I have not gone looking for alternatives, so I can't
rationally compare it with Fail2ban. I have seen numerous reports on
the Web of people being happy with Fail2ban, so I guess it comes down to
which one you are comfortable with.
The only other observation I have is that most of my machines have very
few services exposed to the Internet. Most services on my
Internet-facing boxes are either disabled or limited by firewall rules,
so the Denyhosts/Fail2ban layer gets less work. I suggest that you
critically evaluate the services you choose to make available to the
'Net from a similar viewpoint.
Just my $0.02 (US) worth. ;>
>
> The main benefit I see from DenyHosts is their synchronization
> service where my servers can proactively block hosts recognized
> by other users of their service.
>
> Does anyone have experience with these tools and have
> recommendations?
>
> Thanks,
> Neil
>
> --
> Neil Aggarwal, (281)846-8957, www.JAMMConsulting.com
> Will your e-commerce site go offline if you have
> a DB server failure, fiber cut, flood, fire, or other disaster?
> If so, ask me about our geographically redudant database system.
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
--
Ron Loftin reloftin at twcny.rr.com
"God, root, what is difference ?" Piter from UserFriendly
More information about the CentOS
mailing list