-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 11/27/2014 07:50 PM, tor@zengers.de wrote:
And I agree about SSHGuard. I've had a better experience with it, and it generally seems like a more carefully developed and more thoroughly documented project. Strangely, though, most experienced sysadmins still use and suggest fail2ban. Maybe I'm just missing something, or maybe people don't know about SSHGuard.
I'm still wondering about the popularity of fail2ban and SSHGuard, specially in regard to the ssh service. You can achieve almost the some behaviour with every major firewall. See for example [1] and [2].
And for the lazy ones, my current configs: ...
True, and thanks for the examples. I think the daemons are probably a better move for those who aren't firewall veterans, as everyone else would probably be copy-and-pasting firewall configs like the ones you gave and praying that they worked. The daemons probably also have more nuanced and flexible policies.
You also reminded me of a big factor I forgot to mention in the doc: firewalls.