On Thu, 2009-07-09 at 09:56 -0500, Neil Aggarwal wrote:
Hello:
I have been looking into projects that will automatically restrict hacking attempts on my servers running CentOS 5.
I think the two top contenders are:
DenyHosts - http://denyhosts.sourceforge.net
Fail2ban - http://www.fail2ban.org
From what I see, DenyHosts only blocks based on failed SSH attempts whereas Fail2ban blocks failed attempts for other access as well.
That is incorrect. Denyhosts has a config option named "BLOCK_SERVICE" which can be set to "ALL". Check out the description included in the sample config file.
I have been using Denyhosts for at least 3 years now, and been satisfied enough with it that I have not gone looking for alternatives, so I can't rationally compare it with Fail2ban. I have seen numerous reports on the Web of people being happy with Fail2ban, so I guess it comes down to which one you are comfortable with.
The only other observation I have is that most of my machines have very few services exposed to the Internet. Most services on my Internet-facing boxes are either disabled or limited by firewall rules, so the Denyhosts/Fail2ban layer gets less work. I suggest that you critically evaluate the services you choose to make available to the 'Net from a similar viewpoint.
Just my $0.02 (US) worth. ;>
The main benefit I see from DenyHosts is their synchronization service where my servers can proactively block hosts recognized by other users of their service.
Does anyone have experience with these tools and have recommendations?
Thanks, Neil
--
Neil Aggarwal, (281)846-8957, www.JAMMConsulting.com
Will your e-commerce site go offline if you have a DB server failure, fiber cut, flood, fire, or other disaster? If so, ask me about our geographically redundant database system.