| 1 |
On Mon, Sep 14, 2009 at 9:17 PM, Arturo 'Buanzo' Busleiman |
| 2 |
<buanzo@××××××××××.ar> wrote: |
| 3 |
> -----BEGIN PGP SIGNED MESSAGE----- |
| 4 |
> Hash: SHA512 |
| 5 |
> |
| 6 |
> paul kölle wrote: |
| 7 |
>> Not really. IMO all these brute-force-polling-logwatcher are pretty bad |
| 8 |
>> design. If proftpd uses pam you should search for pam_shield, it can |
| 9 |
>> recognize failed logins and insert the appropriate rules into your |
| 10 |
>> firewall. |
| 11 |
> |
| 12 |
> You've just stated a particular set of cases: applications that do auth and support pam. |
| 13 |
> |
| 14 |
> fail2ban is also used with fastcgi, lighttpd, apache, mod_security, nagios, etc, etc, etc. |
| 15 |
> |
| 16 |
> and polling is the fallback method.... |
| 17 |
> |
| 18 |
> anyway, subjective opinon here, i'm one of fail2ban developers :P - don't take me seriously. |
| 19 |
Sorry man, I didn't want to bash you work. Of course pam_shield is |
| 20 |
limited to pam-enabled apps but in that cases it's better suited as it |
| 21 |
can actually tell if there was a failed *login*. I hope we can agree |
| 22 |
here ;) |
| 23 |
|
| 24 |
cheers |
| 25 |
Paul |
| 26 |
> |
| 27 |
> - -- |
| 28 |
> Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107 |
| 29 |
> Independent Linux and Security Consultant - SANS - OISSG - OWASP |
| 30 |
> http://www.buanzo.com.ar/pro/eng.html |
| 31 |
> Mailing List Archives at http://archiver.mailfighter.net |
| 32 |
> -----BEGIN PGP SIGNATURE----- |
| 33 |
> Version: GnuPG v1.4.9 (GNU/Linux) |
| 34 |
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ |
| 35 |
> |
| 36 |
> iEYEAREKAAYFAkqulskACgkQAlpOsGhXcE2vLACfYog8xe6K8o71kxu2WrdBZcLn |
| 37 |
> qhcAniFwShclOrirUE+wQKQHEOxxTA5l |
| 38 |
> =BCAP |
| 39 |
> -----END PGP SIGNATURE----- |
| 40 |
> |
| 41 |
> |
Archives