[CentOS] Interpreting logwatch
centos at swhi.net
Wed Sep 8 12:26:43 EDT 2010
On 9/8/2010 9:52 AM, Matthew Miller wrote:
> On Wed, Sep 08, 2010 at 02:47:46PM +0100, Timothy Murphy wrote:
>> Thanks, I'll try that.
>> I had heard of fail2ban, but was slightly put off by the strange name;
>> what exactly is the name meant to convey?
> "to" as in the sense of "moving to", or "converting to". Failures (login
> failures normally, but other errors or log patterns can be used) cause the
> triggering IP address to be banned. (Or another action to be taken.)
> This is excellent for preventing brute-force ssh attacks.
I've never used fail2ban, but from the wide community support, I'm sure
it is more than just a viable option.
Not to discount any of the good advice given here, but I've had great
successes with Advanced Policy Firewall (apf) as a front-end to
iptables, and an adjunct program, Brute Force Detection (bfd).
Very flexible and easy-to-adjust settings, with global settings easily
overridden on a service-by-service level.
My .02. YMMV, of course.
Note: I've always installed from the rfxn.com site directly, but there
appears to be an RPM available at rpmforge: