[CentOS] Looking for recommendations for blocking hacking attempts

Thu Jul 9 15:16:00 UTC 2009
Ron Loftin <reloftin at twcny.rr.com>

On Thu, 2009-07-09 at 09:56 -0500, Neil Aggarwal wrote:
> Hello:
> 
> I have been looking into projects that will automatically
> restrict hacking attempts on my servers running CentOS 5.
> 
> I think the two top contenders are:
> 	DenyHosts - http://denyhosts.sourceforge.net
> 	Fail2ban - http://www.fail2ban.org
> 
> From what I see, DenyHosts only blocks based on failed
> SSH attempts whereas Fail2ban blocks failed attempts
> for other access as well.

That is incorrect.  Denyhosts has a config option named "BLOCK_SERVICE"
which can be set to "ALL".  Check out the description included in the
sample config file.

I have been using Denyhosts for at least 3 years now, and been satisfied
enough with it that I have not gone looking for alternatives, so I can't
rationally compare it with Fail2ban.  I have seen numerous reports on
the Web of people being happy with Fail2ban, so I guess it comes down to
which one you are comfortable with.

The only other observation I have is that most of my machines have very
few services exposed to the Internet.  Most services on my
Internet-facing boxes are either disabled or limited by firewall rules,
so the Denyhosts/Fail2ban layer gets less work.  I suggest that you
critically evaluate the services you choose to make available to the
'Net from a similar viewpoint.

Just my $0.02 (US) worth. ;>

> 
> The main benefit I see from DenyHosts is their synchronization
> service where my servers can proactively block hosts recognized
> by other users of their service.
> 
> Does anyone have experience with these tools and have
> recommendations?
> 
> Thanks,
> 	Neil
> 
> --
> Neil Aggarwal, (281)846-8957, www.JAMMConsulting.com
> Will your e-commerce site go offline if you have
> a DB server failure, fiber cut, flood, fire, or other disaster?
> If so, ask me about our geographically redundant database system.
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
-- 
Ron Loftin                      reloftin at twcny.rr.com

"God, root, what is difference ?"       Piter from UserFriendly
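
The effect of the "BLOCK_SERVICE" setting discussed in the reply above, as an added example that is not part of the original post or of DenyHosts itself: a simplified hosts.deny matcher showing which daemons refuse a blocked address when the entry is written for sshd only versus ALL. Assumptions: DenyHosts writes entries of the form "service: address" to hosts.deny, the listed daemons consult hosts.deny, matching is reduced to exact addresses and the ALL wildcard, and hosts.allow is ignored; all addresses and daemon names are constructed sample values.

```python
# Added illustration: simplified hosts.deny matching (exact IPs and ALL only).
# hosts.allow precedence and pattern forms such as netmasks are not modelled.

def parse_hosts_deny(text):
    """Return a list of (daemons, clients) sets from hosts.deny-style text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]  # ignore any shell-command field
        rules.append((set(daemons.replace(",", " ").split()),
                      set(clients.replace(",", " ").split())))
    return rules


def is_denied(rules, daemon, client_ip):
    """True if any rule covers both the daemon and the client address."""
    for daemons, clients in rules:
        daemon_hit = daemon in daemons or "ALL" in daemons
        client_hit = client_ip in clients or "ALL" in clients
        if daemon_hit and client_hit:
            return True
    return False


def blocked_services(rules, client_ip, services):
    """List the services that would refuse this client."""
    return [s for s in services if is_denied(rules, s, client_ip)]


# Constructed hosts.deny content for one offending host under each setting.
DENY_SSHD_ONLY = "# written with BLOCK_SERVICE = sshd\nsshd: 203.0.113.45\n"
DENY_ALL = "# written with BLOCK_SERVICE = ALL\nALL: 203.0.113.45\n"

# Sample daemon names, assumed to be built or configured to use hosts.deny.
SERVICES = ["sshd", "vsftpd", "in.telnetd"]

if __name__ == "__main__":
    for label, text in (("sshd", DENY_SSHD_ONLY), ("ALL", DENY_ALL)):
        rules = parse_hosts_deny(text)
        print(label, "->", blocked_services(rules, "203.0.113.45", SERVICES))
```

Services that do not consult hosts.deny are unaffected by either setting, which is where the firewall rules mentioned in the reply come in.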