[CentOS] Am I being to paranoid?

Sun May 8 22:31:27 UTC 2011
John Hinton <webmaster at ew3d.com>

On 5/8/2011 4:53 PM, John R. Dennison wrote:
> On Sun, May 08, 2011 at 08:57:23PM +0300, Eero Volotinen wrote:
>> You should take a look at mod_security: http://www.modsecurity.org/ ,
>> if provides better ways to block hostile attacks and probes.
> Really?  99 lines of untrimmed material for a 2 line reply?
I don't have personal experience with this, but I have heard that 
modsecurity does not play nice with some websites. If you are in a 
virtual hosting situation, it might be a bit too early to jump on that 
ship? I'll hopefully wait for it to become more of a 'standard'.

I run Ossec on several servers and Fail2Ban on several others. At the 
moment, I prefer Fail2Ban. Configuration is not straight forward on 
either, but personally, I seem to get along better creating/editing 
Fail2Ban rules. It's sort of hard to do comparisons as each server has 
differing accesses, but my gut tells my that Fail2Ban is a little easier 
on server loads. Both do a lot of reads, constantly monitoring for 
intrusion attempts.

I know Fail2Ban is not a CentOS standard package, but it would be nice 
if we could build a place on the CentOS website where rules could be 
shared. Each environment is a bit different and so the rules need to be 
adapted. I have found the need for edits even between CentOS 3, 4 and 5 

John Hinton
877-777-1407 ext 502
Comprehensive Online Solutions