denyhosts, fail2ban, or something else?

Josh Beard josh at hewbert.com
Tue Nov 27 23:25:49 UTC 2012


On Tue, Nov 27, 2012 at 3:25 PM, Aleksandr Miroslav
<alexmiroslav at gmail.com> wrote:

> Finally got sick of seeing tons of ssh break-in attempts in my logs. Am
> considering using denyhosts, or fail2ban. Anyone have any experience
> with these?
>
> I'm already using the AllowUsers facility of ssh to only allow specific
> users in, so I'm not overly concerned about the attempts.
>
> This is for a FreeBSD 8.x box running pf, btw.
>
> Thanks
>

I've been using fail2ban (security/py-fail2ban) for a few years on my
FreeBSD and Linux systems and can't complain.  I like that I can easily
write a regex for any arbitrary log file and perform any action I want.  By
default, the port will install both ipfw and pf "actions."

I can't give an honest opinion about DenyHosts or SSHGuard, having never
used them.  Fail2Ban, however, isn't specific to a service or action -
simply a regex matches a log file and performs an action.

Josh
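
The regex-matches-a-log-line-then-acts model described in the reply, sketched as an added example that is not part of the original post and is not fail2ban's own code. The log lines are constructed, the year is assumed because syslog omits it, the pf table name `fail2ban` is an assumption, and `maxretry`/`findtime` are named after fail2ban's options of the same name.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines (sample data, not taken from the post).
SAMPLE_LOG = """\
Nov 27 15:01:02 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Nov 27 15:01:05 host sshd[1203]: Failed password for root from 203.0.113.7 port 50130 ssh2
Nov 27 15:01:09 host sshd[1207]: Failed password for invalid user x from 198.51.100.9 from 203.0.113.7 port 50141 ssh2
Nov 27 15:02:00 host sshd[1210]: Accepted publickey for alice from 192.0.2.10 port 40022 ssh2
Nov 27 15:03:00 host sshd[1215]: Failed password for root from 192.0.2.44 port 41000 ssh2
Nov 27 16:30:00 host sshd[1290]: Failed password for root from 192.0.2.44 port 41010 ssh2
Nov 27 16:30:04 host sshd[1291]: Failed password for root from 192.0.2.44 port 41011 ssh2
"""

TABLE = "fail2ban"   # assumed pf table name; pf.conf must block from <fail2ban>
LOG_YEAR = "2012"    # assumed: syslog timestamps carry no year

# Anchored at both ends so the address is read from the trailing fields sshd
# writes itself, never from the client-supplied username (third sample line).
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.* "
    r"from (?P<host>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def find_offenders(log_text, maxretry=3, findtime=600):
    """Map each host with maxretry failures inside findtime seconds to a pfctl argv."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(list)   # host -> failure times still inside the window
    banned = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m or m["host"] in banned:
            continue
        ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = [t for t in recent[m["host"]] if ts - t <= window] + [ts]
        recent[m["host"]] = hits
        if len(hits) >= maxretry:
            # The "action": add the host to a pf table (built here, not executed).
            banned[m["host"]] = ["pfctl", "-t", TABLE, "-T", "add", m["host"]]
    return banned

if __name__ == "__main__":
    for host, argv in find_offenders(SAMPLE_LOG).items():
        print(host, "->", " ".join(argv))
```

With the defaults only 203.0.113.7 is selected: 192.0.2.44 also fails three times, but never three times within one `findtime` window.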

