Date: Tue, 15 Sep 2009 09:27:43 +0200
Subject: Re: [gentoo-server] iptables && fail2ban
From: Paul Kölle
To: gentoo-server@lists.gentoo.org

On Mon, Sep 14, 2009 at 9:17 PM, Arturo 'Buanzo' Busleiman wrote:
> paul kölle wrote:
>> Not really. IMO all these brute-force-polling-logwatchers are pretty bad
>> design. If proftpd uses pam you should search for pam_shield, it can
>> recognize failed logins and insert the appropriate rules into your
>> firewall.
>
> You've just stated a particular set of cases: applications that do auth and support pam.
>
> fail2ban is also used with fastcgi, lighttpd, apache, mod_security, nagios, etc, etc, etc.
>
> and polling is the fallback method....
>
> anyway, subjective opinion here, i'm one of fail2ban developers :P - don't take me seriously.

Sorry man, I didn't want to bash your work. Of course pam_shield is
limited to pam-enabled apps but in that case it's better suited as it
can actually tell if there was a failed *login*. I hope we can agree
here ;)

cheers
 Paul

>
> --
> Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107
> Independent Linux and Security Consultant - SANS - OISSG - OWASP
> http://www.buanzo.com.ar/pro/eng.html
> Mailing List Archives at http://archiver.mailfighter.net