[PLUG] Fail2ban (was: Re: 'logcheck')
On Sun, Mar 22, 2009 at 4:17 PM, JP Vossen <jp@jpsdomain.org> wrote:
> I have said this before but I am a huge fan of the Debian/Ubuntu
> implementation of logcheck. I am also not aware of any other major
> distro that makes using logcheck so "built-in" and easy.
>
> If you run any kind of Debian/Ubuntu server, you really need to be using
> this. As soon as something bad or new happens, you get an email. It's
> like magic.

Speaking of "must have" packages for servers, I'm a big fan of fail2ban, myself:

  fail2ban - bans IPs that cause multiple authentication errors

By default, installing fail2ban via apt-get will also include a
configuration that drops traffic from a remote host after 6 failed SSH
attempts. This was a godsend when some host from China kept trying to
log into one of my machines every 10 seconds. The installation
process started the daemon, and 6 login attempts later, all traffic
from that host was dropped via iptables.
-- Doug
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
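
The counting rule described in the post above (six failed SSH logins from one address, then a ban), sketched as an added example that is not part of the original message and is not fail2ban's own code. The sshd log line format, the 10-minute counting window, the year and the sample addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY = 6                      # failures before a ban, as quoted in the post
FINDTIME = timedelta(minutes=10)  # assumed counting window, not stated in the post
YEAR = 2009                       # syslog timestamps carry no year; assumed

# Anchored at both ends: only a complete sshd failure line counts.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh2)?$"
)

def find_bans(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return {ip: time of the failure that crossed the threshold}."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    banned = {}
    for line in lines:
        m = FAIL_RE.match(line.rstrip("\n"))
        if not m or m["ip"] in banned:
            continue
        when = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(when)
        while when - q[0] > findtime:   # age out failures older than the window
            q.popleft()
        if len(q) >= maxretry:
            banned[m["ip"]] = when
    return banned

def sample_log():
    """Constructed auth.log lines; addresses are from documentation ranges."""
    prefix = "Mar 22 16:{:02d}:{:02d} box sshd[4242]: "
    # One failure every 10 seconds from the same address, as in the post.
    log = [prefix.format(0, s) + "Failed password for root from 203.0.113.7 port 40122 ssh2"
           for s in range(0, 60, 10)]
    # Twelve failures, one every 5 minutes: never six inside one window.
    log += [prefix.format(m, 5) + "Failed password for invalid user bob from 198.51.100.9 port 5022 ssh2"
            for m in range(1, 60, 5)]
    # A successful login does not count as a failure.
    log.append(prefix.format(2, 0) + "Accepted password for doug from 192.0.2.10 port 5100 ssh2")
    return sorted(log)            # same date and hour, so text order is time order

if __name__ == "__main__":
    for ip, when in find_bans(sample_log()).items():
        print(f"ban {ip} at {when:%H:%M:%S}; the ban action would then drop its traffic")
```
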