Protecting against ssh brute-force attacks
Nicolas Mailhot
nicolas.mailhot at laposte.net
Wed Nov 2 18:18:57 UTC 2005
Le mercredi 02 novembre 2005 à 12:11 -0500, Neal Becker a écrit :
> denyhosts has a big problem - it never removes entries - so hosts.deny will
> grow without bounds.
>
> I suggest daemonshield. Uses iptables, so is probably faster - does expire
> entries, AND can protect more that just ssh.
This one is not in FE and I won't bother pulling in a third redondant
utility. Even though iptables integration would be nice.
Anyway my feeling after the previous posts is denyhosts is full-featured
and easy to install, while pam_abl seems a more "correct" and reactive
solution.
I wonder if I'll dare install a FE pam package on a rawhide system...
The idea has some sort of evil appeal.
Regards,
--
Nicolas Mailhot
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Ceci est une partie de message num?riquement sign?e
URL: <http://listman.redhat.com/archives/fedora-extras-list/attachments/20051102/a31d7999/attachment.sig>
More information about the fedora-extras-list
mailing list