[CentOS] Interpreting logwatch
Ray Leventhal
centos at swhi.net
Wed Sep 8 16:26:43 UTC 2010
On 9/8/2010 9:52 AM, Matthew Miller wrote:
> On Wed, Sep 08, 2010 at 02:47:46PM +0100, Timothy Murphy wrote:
>> Thanks, I'll try that.
>> I had heard of fail2ban, but was slightly put off by the strange name;
>> what exactly is the name meant to convey?
> "to" as in the sense of "moving to", or "converting to". Failures (login
> failures normally, but other errors or log patterns can be used) cause the
> triggering IP address to be banned. (Or another action to be taken.)
>
> This is excellent for preventing brute-force ssh attacks.
>
I've never used fail2ban, but from the wide community support, I'm sure
it is more than just a viable option.
Not to discount any of the good advice given here, but I've had great
successes with Advanced Policy Firewall (apf) [1] as a front-end to
iptables, and an adjunct program, Brute Force Detection (bfd) [2].
Very flexible and easy-to-adjust settings, with global settings easily
overridden on a service-by-service level.
My .02. YMMV, of course.
HTH,
-Ray
[1] http://www.rfxn.com/projects/advanced-policy-firewall/
Note: I've always installed from the rfxn.com site directly, but there
appears to be an RPM available at rpmforge:
http://www.rpmfind.net/linux/RPM/dag/redhat/el5/i386/apf-9.7_1-1.el5.rf.noarch.html
[2] http://www.rfxn.com/projects/brute-force-detection/
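
The mechanism described in the quoted reply above (login failures counted per address until a ban is triggered), as an added example that is not part of the original post and is not code from fail2ban, apf or bfd. The `maxretry` and `findtime` parameters are named after fail2ban's settings of the same name; `find_bans`, the regex and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the syslog format sshd writes to /var/log/secure.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Sep  8 14:01:02 host sshd[2101]: Failed password for root from 192.0.2.10 port 40110 ssh2
Sep  8 14:01:05 host sshd[2103]: Failed password for invalid user admin from 192.0.2.10 port 40112 ssh2
Sep  8 14:01:07 host sshd[2105]: Accepted password for ray from 198.51.100.7 port 51515 ssh2
Sep  8 14:01:09 host sshd[2107]: Failed password for root from 192.0.2.10 port 40115 ssh2
Sep  8 14:03:00 host sshd[2110]: Failed password for ray from 198.51.100.7 port 51600 ssh2
Sep  8 14:20:00 host sshd[2111]: Failed password for ray from 198.51.100.7 port 51601 ssh2
Sep  8 14:40:00 host sshd[2112]: Failed password for ray from 198.51.100.7 port 51602 ssh2
"""

# Anchored at both ends with a greedy user field, so the address captured is
# always the one sshd appended, whatever the supplied username contains.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def find_bans(log_text, maxretry=3, findtime=600, year=2010):
    """Return {ip: datetime of the failure that reached the threshold}."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m.group("ip") in bans:
            continue  # not a failed login, or address already banned
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        hits = recent[m.group("ip")]
        hits.append(ts)
        while ts - hits[0] > window:  # expire failures older than findtime
            hits.popleft()
        if len(hits) >= maxretry:
            bans[m.group("ip")] = ts
    return bans

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} (threshold reached at {when})")
```

With the defaults, only the address with three failures inside ten minutes is banned; the user who mistypes a password three times over 37 minutes is not.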