[CentOS] Am I being too paranoid?

Sun May 8 22:31:27 UTC 2011
John Hinton <webmaster at ew3d.com>

On 5/8/2011 4:53 PM, John R. Dennison wrote:
> On Sun, May 08, 2011 at 08:57:23PM +0300, Eero Volotinen wrote:
>> You should take a look at mod_security: http://www.modsecurity.org/ ,
>> it provides better ways to block hostile attacks and probes.
> Really?  99 lines of untrimmed material for a 2 line reply?

I don't have personal experience with this, but I have heard that 
modsecurity does not play nice with some websites. If you are in a 
virtual hosting situation, it might be a bit too early to jump on that 
ship? I'll hopefully wait for it to become more of a 'standard'.

I run Ossec on several servers and Fail2Ban on several others. At the 
moment, I prefer Fail2Ban. Configuration is not straightforward on 
either, but personally, I seem to get along better creating/editing 
Fail2Ban rules. It's sort of hard to do comparisons as each server has 
differing accesses, but my gut tells me that Fail2Ban is a little easier 
on server loads. Both do a lot of reads, constantly monitoring for 
intrusion attempts.

I know Fail2Ban is not a CentOS standard package, but it would be nice 
if we could build a place on the CentOS website where rules could be 
shared. Each environment is a bit different and so the rules need to be 
adapted. I have found the need for edits even between CentOS 3, 4 and 5 
boxes.

-- 
John Hinton
877-777-1407 ext 502
http://www.ew3d.com
Comprehensive Online Solutions