On 5/8/2011 4:53 PM, John R. Dennison wrote:
> On Sun, May 08, 2011 at 08:57:23PM +0300, Eero Volotinen wrote:
> > You should take a look at mod_security: http://www.modsecurity.org/ , it provides better ways to block hostile attacks and probes.
> Really? 99 lines of untrimmed material for a 2 line reply?
I don't have personal experience with this, but I have heard that modsecurity does not play nice with some websites. If you are in a virtual hosting situation, it might be a bit too early to jump on that ship? I'll hopefully wait for it to become more of a 'standard'.
I run Ossec on several servers and Fail2Ban on several others. At the moment, I prefer Fail2Ban. Configuration is not straightforward on either, but personally, I seem to get along better creating/editing Fail2Ban rules. It's sort of hard to do comparisons as each server has differing accesses, but my gut tells me that Fail2Ban is a little easier on server loads. Both do a lot of reads, constantly monitoring for intrusion attempts.
I know Fail2Ban is not a CentOS standard package, but it would be nice if we could build a place on the CentOS website where rules could be shared. Each environment is a bit different and so the rules need to be adapted. I have found the need for edits even between CentOS 3, 4 and 5 boxes.