<div>On 11/1/05, Nicolas Mailhot <<a href="mailto:nicolas.mailhot@laposte.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">nicolas.mailhot@laposte.net </a>> wrote:<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> Anyone tried them ? Care to recommend one or the other ? </blockquote></div> Since the discussion focused on denyhosts, I installed pam_abl to see how it stacked up. Wow. To sum it up in one word. Now, I knew this brute force was coming through because I had cron's dumping out saying what users were failing and crap. Running the included "pam_abl" program, it reports some statistics and stuff that it did based on what had happened. For example, for failed hosts, I got the following in a couple of hours of running it: Failed hosts: <a href="http://140.130.111.211" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">140.130.111.211</a> (9) Not blocking <a href="http://219.149.13.154" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">219.149.13.154</a> (7) Not blocking <a href="http://61-218-175-2.hinet-ip.hinet.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">61-218-175-2.hinet-ip.hinet.net</a> (4529) Blocking users [*] <a href="http://80.169.137.162" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">80.169.137.162</a> (1) Not blocking Check that, 4529. Most of it was hitting root. There's also a report of which users were tried (of course, we all knew about this coming from cron.) and also the associated counts. My list is too long to be of use as an example. The CPU utilization is great. Maintained previous levels without any hit. But, disadvantage is not having an iptables lockout of the hosts engaged in their devious behaviors. This would be cool. Kind of get sick of the logs in LogWatch. pam_abl does *not* alleviate the log problem. -- -jeff