On Mon, 23 Aug 2010, Karanbir Singh wrote: > On 08/23/2010 03:58 PM, Rob Kampen wrote: >>> pam_shield is available from RPMforge and requires a minimum of >>> configuration. >> Never heard of this one before - just installed and simple to configure. >> I note that version 0.9.3 was released April 2010 and includes a >> supposed memory leak fix - maybe time for an update? > > given the overall lower cost of running pam_shield, it makes for a much > better solution than denyhosts or fail2ban ( for many situations ). You > just need to be careful that you dont end up DoS'ing yourself, so weigh > in some typical scenarios and test in a sandbox environment. You can whitelist known IP addresses (or FQDNs), but indeed there is the possibility that someone else (from your IP address) can DOS you as it is IP-based. Although that risk is limited, you need to understand how it works :) -- -- dag wieers, dag at wieers.com, http://dag.wieers.com/ -- [Any errors in spelling, tact or fact are transmission errors]