Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 27 Nov 2012 16:25:45 -0700
From:      Josh Beard <josh@hewbert.com>
To:        Aleksandr Miroslav <alexmiroslav@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: denyhosts, fail2ban, or something else?
Message-ID:  <CAHDrHSvpsLOC07yNb7OS1pihyjuTBD%2BxLztbdjzKJP1sgrDoVQ@mail.gmail.com>
In-Reply-To: <CACcSE1w-iDyzfmAGSGYRA30VBy9DytQCsfKBHr=RGtdqovEvQg@mail.gmail.com>
References:  <CACcSE1w-iDyzfmAGSGYRA30VBy9DytQCsfKBHr=RGtdqovEvQg@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Nov 27, 2012 at 3:25 PM, Aleksandr Miroslav
<alexmiroslav@gmail.com>wrote:

> Finally got sick of seeing tons of ssh break-in attempts in my logs. Am
> considering using denyhosts, or fail2ban. Anyone have any experience
> with these?
>
> I'm already using the AllowUsers facility of ssh to only allow specific
> users in, so I'm not overly concerned about the attempts.
>
> This is for a FreeBSD 8.x box running pf, btw.
>
> Thanks
>

I've been using fail2ban (security/py-fail2ban) for a few years on my
FreeBSD and Linux systems and can't complain.  I like that I can easily
write a regex for any arbitrary log file and perform any action I want.  By
default, the port will install both ipfw and pf "actions."

I can't give an honest opinion about DenyHosts or SSHGuard, having never
used them.  Fail2Ban, however, isn't specific to a service or action -
simply a regex matches a log file and performs an action.

Josh



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHDrHSvpsLOC07yNb7OS1pihyjuTBD%2BxLztbdjzKJP1sgrDoVQ>