Thanks for the heads-up about unattended-upgrades, I hadn't heard of that.
And I agree about SSHGuard. I've had a better experience with it, and it generally seems like a more carefully developed and more thoroughly documented project. Strangely, though, most experienced sysadmins still use and suggest fail2ban. Maybe I'm just missing something, or maybe people don't know about SSHGuard.
On 11/24/2014 11:29 PM, Tor Operator wrote:
> On Mon, Nov 24, 2014 at 06:09:34PM -0500, Libertas wrote:
>> Be sure to stay up-to-date using apt-get, and consider using cron-apt to automatically update: https://www.debian.org/doc/manuals/debian-faq/ch-uptodate.en.html
>
> Maybe it's also worth covering the unattended-upgrades package to keep Debian up to date. It requires running "dpkg-reconfigure unattended-upgrades" after install, as it doesn't enable automatic upgrades right away after install, and supposedly it doesn't do potentially dangerous operations like kernel upgrades automatically. I'm using it in production myself; it really helps to keep the OS up to date.
>
> Also, for protecting SSH, SSHGuard is in my opinion a much better choice, as it supports IPv6, unlike fail2ban (I heard there were patches for fail2ban to address that, but I'm not sure if they are already in mainstream and available in all distributions).