[tor-relays] doc/HARDENING Draft
Garrett DeBoer
garrettdeboer at yahoo.com
Fri Nov 28 01:44:25 UTC 2014
Stop
Sent from my iPhone
> On Nov 27, 2014, at 8:42 PM, Libertas <libertas at mykolab.com> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
>> On 11/27/2014 07:50 PM, tor at zengers.de wrote:
>> And I agree about SSHGuard. I've had a better experience with it,
>> and it generally seems like a more carefully developed and more
>> thoroughly documented project. Strangely, though, most experienced
>> sysadmins still use and suggest fail2ban. Maybe I'm just missing
>> something, or maybe people don't know about SSHGuard.
>>
>> I'm still wondering about the popularity of fail2ban and SSHGuard,
>> specially in regard to the ssh service. You can achieve almost the
>> some behaviour with every major firewall. See for example [1] and
>> [2].
>>
>> And for the lazy ones, my current configs: ...
>
> True, and thanks for the examples. I think the daemons are probably a
> better move for those who aren't firewall veterans, as everyone else
> would probably be copy-and-pasting firewall configs like the ones you
> gave and praying that they worked. The daemons probably also have more
> nuanced and flexible policies.
>
> You also reminded me of a big factor I forgot to mention in the doc:
> firewalls.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQIcBAEBCAAGBQJUd9MUAAoJELxHvGCsI27NlY0P/0MeYML3CCLlF3JHRDVy85CE
> FjjQlUjIH3wnTGuQJE/ooubWH8KslLhSq2PjBXMgxuObshf9DEHWHy7KNYvAJ+GE
> 1VMjONDV6uuZILLPur1UxFlSPrB2LfzBJCqLfx/LmtQFPoH3AztJnkyqLZIkVcMs
> X8IJ4Dv2kvX3q9oIXdqyiTECLSsAZ5GyhOcNPZGLdijaijWL6ajrpq74NE89cjNu
> TX4d5eR2WSJm18lQ3ViOwh4DmdRA/HeqtH/M3/DsDJvOP4D5lrERrc6ghBShZdsl
> dKndLPLWFTGGdV4DAbn96FBZQW9q2feRb+DBSdOXPlc8KqOFF2BMrb2a4tWv/szs
> uiTqsYTDj7TkvOLIR3Y1V1uRm6WvxdU5FKNH7+qouQg8G4hLPrcxmIGOTELDZtzn
> s30ffOScgM7kn3qb8hbs50peMDb3A67GXgNFnvFSf1eAaWJQdDbzYEfxzBzGvtvb
> DYCeavXAKC8LsgRIcfjnuhPuTfP0PSKX0RABgPR0hkt3TGsCObMSUETHD1IqRv+1
> wWjLf+52Kn9ZwPxPxUt8yngaOZr9iGAKlQJJwoacujAFCjoGR+SflEojFjBcdyVV
> mZqgyDgSeAhPZyMIY5shY5VJcT7wBbUy8oLSEjdfOxrfUe4dHLPfGvPmv7U2sJQX
> rVwbNoRfYr2mhgLap7dN
> =UtrW
> -----END PGP SIGNATURE-----
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
More information about the tor-relays
mailing list