Date: Tue, 27 Nov 2012 16:25:45 -0700
From: Josh Beard <josh@hewbert.com>
To: Aleksandr Miroslav <alexmiroslav@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: denyhosts, fail2ban, or something else?
Message-ID: <CAHDrHSvpsLOC07yNb7OS1pihyjuTBD%2BxLztbdjzKJP1sgrDoVQ@mail.gmail.com>
In-Reply-To: <CACcSE1w-iDyzfmAGSGYRA30VBy9DytQCsfKBHr=RGtdqovEvQg@mail.gmail.com>
References: <CACcSE1w-iDyzfmAGSGYRA30VBy9DytQCsfKBHr=RGtdqovEvQg@mail.gmail.com>

On Tue, Nov 27, 2012 at 3:25 PM, Aleksandr Miroslav <alexmiroslav@gmail.com> wrote:

> Finally got sick of seeing tons of ssh break-in attempts in my logs. Am
> considering using denyhosts, or fail2ban. Anyone have any experience
> with these?
>
> I'm already using the AllowUsers facility of ssh to only allow specific
> users in, so I'm not overly concerned about the attempts.
>
> This is for a FreeBSD 8.x box running pf, btw.
>
> Thanks
>

I've been using fail2ban (security/py-fail2ban) for a few years on my
FreeBSD and Linux systems and can't complain. I like that I can easily
write a regex for any arbitrary log file and perform any action I want.
By default, the port will install both ipfw and pf "actions."

I can't give an honest opinion about DenyHosts or SSHGuard, having never
used them. Fail2Ban, however, isn't specific to a service or action -
simply a regex matches a log file and performs an action.

Josh
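
Added example, not part of the original message and not fail2ban's own code: a minimal Python sketch of the "regex matches a log line, then an action runs" mechanism described above, applied to sshd failures with a pf table as the action. The log lines are constructed, the pf table name `bruteforce` is an assumption, and `maxretry`/`findtime` are named after the fail2ban options they imitate.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of sshd syslog lines (documentation-range addresses).
SAMPLE_LOG = """\
Nov 27 15:01:02 host sshd[811]: Invalid user admin from 203.0.113.7
Nov 27 15:01:05 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 4022 ssh2
Nov 27 15:01:09 host sshd[815]: Failed password for root from 203.0.113.7 port 4025 ssh2
Nov 27 15:01:30 host sshd[820]: Accepted publickey for alice from 198.51.100.20 port 5100 ssh2
Nov 27 15:02:00 host sshd[822]: Failed password for root from 203.0.113.7 port 4031 ssh2
Nov 27 15:40:00 host sshd[901]: Failed password for bob from 198.51.100.9 port 6000 ssh2
Nov 27 16:55:00 host sshd[950]: Failed password for bob from 198.51.100.9 port 6001 ssh2
Nov 27 17:59:00 host sshd[990]: Failed password for bob from 198.51.100.9 port 6002 ssh2
"""

# Anchored at line start; the user field is one token (\S+) directly followed
# by "from <ip> port", so a user name carrying a forged "from 1.2.3.4" cannot
# steer the match to an address the attacker chose.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+")

def find_offenders(lines, maxretry=3, findtime=timedelta(minutes=10), year=2012):
    """Return {ip: time of ban} for hosts with maxretry failures inside findtime."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    banned = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m or m["ip"] in banned:
            continue
        # Syslog timestamps carry no year, so one is assumed for parsing.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > findtime:   # drop failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned[m["ip"]] = ts
    return banned

def pf_commands(banned, table="bruteforce"):
    """The 'action': pfctl commands adding each offender to a pf table."""
    return [f"pfctl -t {table} -T add {ip}" for ip in sorted(banned)]

if __name__ == "__main__":
    for cmd in pf_commands(find_offenders(SAMPLE_LOG.splitlines())):
        print(cmd)
```

The commands only take effect if pf.conf declares the table and has a rule blocking traffic from it.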