[CentOS] Interpreting logwatch

Wed Sep 8 16:26:43 UTC 2010
Ray Leventhal <centos at swhi.net>

  On 9/8/2010 9:52 AM, Matthew Miller wrote:
> On Wed, Sep 08, 2010 at 02:47:46PM +0100, Timothy Murphy wrote:
>> Thanks, I'll try that.
>> I had heard of fail2ban, but was slightly put off by the strange name;
>> what exactly is the name meant to convey?
> "to" as in the sense of "moving to", or "converting to". Failures (login
> failures normally, but other errors or log patterns can be used) cause the
> triggering IP address to be banned. (Or another action to be taken.)
>
> This is excellent for preventing brute-force ssh attacks.
>
I've never used fail2ban, but from the wide community support, I'm sure 
it is more than just a viable option.

Not to discount any of the good advice given here, but I've had great
successes with Advanced Policy Firewall (apf) [1] as a front-end to
iptables, and an adjunct program, Brute Force Detection (bfd) [2].

Very flexible and easy-to-adjust settings, with global settings easily 
overridden on a service-by-service level.

My .02. YMMV, of course.

HTH,
-Ray

[1] http://www.rfxn.com/projects/advanced-policy-firewall/
Note: I've always installed from the rfxn.com site directly, but there 
appears to be an RPM available at rpmforge:
http://www.rpmfind.net/linux/RPM/dag/redhat/el5/i386/apf-9.7_1-1.el5.rf.noarch.html

[2] http://www.rfxn.com/projects/brute-force-detection/
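As an added illustration of the log-to-ban loop Matthew describes above (this is example code written for this archive page, not code from the thread, from fail2ban or from apf/bfd), here is a simplified fail2ban-style detector in Python: it scans sshd log lines for failed logins and marks an address as banned once it accumulates `maxretry` failures inside a `findtime` window. The log lines are constructed, and the option names `maxretry`, `findtime` and `bantime` are borrowed from fail2ban's jail settings; the real daemon would hand the banned address to an action such as an iptables rule rather than just recording it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample sshd lines (not from the thread); host and addresses are made up.
SAMPLE_LOG = """\
Sep  8 16:20:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Sep  8 16:20:03 host sshd[1202]: Failed password for root from 203.0.113.7 port 51023 ssh2
Sep  8 16:20:04 host sshd[1203]: Accepted publickey for ray from 198.51.100.5 port 40000 ssh2
Sep  8 16:20:06 host sshd[1204]: Failed password for root from 203.0.113.7 port 51024 ssh2
Sep  8 16:20:09 host sshd[1205]: Failed password for root from 203.0.113.7 port 51025 ssh2
Sep  8 16:20:10 host sshd[1206]: Failed password for root from 203.0.113.7 port 51026 ssh2
Sep  8 16:31:00 host sshd[1207]: Failed password for root from 192.0.2.9 port 33000 ssh2
Sep  8 16:32:00 host sshd[1208]: Failed password for root from 192.0.2.9 port 33001 ssh2
Sep  8 16:45:00 host sshd[1209]: Failed password for root from 192.0.2.9 port 33002 ssh2
Sep  8 16:46:00 host sshd[1210]: Failed password for root from 192.0.2.9 port 33003 ssh2
Sep  8 16:47:00 host sshd[1211]: Failed password for root from 192.0.2.9 port 33004 ssh2
"""

# The "failregex" of this toy jail: syslog timestamp, then an sshd failed-password line.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (?P<ip>[\d.]+) port \d+"
)

def parse_ts(ts, year=2010):
    """Syslog lines carry no year; assume one (2010, the date of the thread)."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

def find_bans(log_text, maxretry=5, findtime=600, bantime=3600):
    """Return {ip: time_banned} for addresses with >= maxretry failures
    inside any findtime-second window (simplified fail2ban semantics)."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    bans = {}                    # ip -> datetime the ban started
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue             # not a failure line (e.g. the accepted publickey login)
        ip, t = m.group("ip"), parse_ts(m.group("ts"))
        if ip in bans and (t - bans[ip]).total_seconds() < bantime:
            continue             # already banned; the firewall would be dropping these
        q = recent[ip]
        q.append(t)
        while q and (t - q[0]).total_seconds() > findtime:
            q.popleft()          # forget failures older than the window
        if len(q) >= maxretry:
            bans[ip] = t         # fail2ban would now run its action (e.g. iptables -I)
            q.clear()
    return bans
```

With the defaults, 203.0.113.7 (five failures in nine seconds) is banned while 192.0.2.9 is not, because its five failures straddle a gap longer than `findtime`; widening `findtime` to an hour catches it too.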