[CentOS] Am I being to paranoid?
John Hinton
webmaster at ew3d.com
Sun May 8 22:31:27 UTC 2011
On 5/8/2011 4:53 PM, John R. Dennison wrote:
> On Sun, May 08, 2011 at 08:57:23PM +0300, Eero Volotinen wrote:
>> You should take a look at mod_security: http://www.modsecurity.org/ ,
>> if provides better ways to block hostile attacks and probes.
> Really? 99 lines of untrimmed material for a 2 line reply?
I don't have personal experience with this, but I have heard that
modsecurity does not play nice with some websites. If you are in a
virtual hosting situation, it might be a bit too early to jump on that
ship? I'll hopefully wait for it to become more of a 'standard'.
I run Ossec on several servers and Fail2Ban on several others. At the
moment, I prefer Fail2Ban. Configuration is not straight forward on
either, but personally, I seem to get along better creating/editing
Fail2Ban rules. It's sort of hard to do comparisons as each server has
differing accesses, but my gut tells my that Fail2Ban is a little easier
on server loads. Both do a lot of reads, constantly monitoring for
intrusion attempts.
I know Fail2Ban is not a CentOS standard package, but it would be nice
if we could build a place on the CentOS website where rules could be
shared. Each environment is a bit different and so the rules need to be
adapted. I have found the need for edits even between CentOS 3, 4 and 5
boxes.
--
John Hinton
877-777-1407 ext 502
http://www.ew3d.com
Comprehensive Online Solutions
More information about the CentOS
mailing list