1 |
On Mon, Sep 14, 2009 at 9:17 PM, Arturo 'Buanzo' Busleiman |
2 |
<buanzo@××××××××××.ar> wrote: |
3 |
> -----BEGIN PGP SIGNED MESSAGE----- |
4 |
> Hash: SHA512 |
5 |
> |
6 |
> paul kölle wrote: |
7 |
>> Not really. IMO all these brute-force-polling-logwatcher are pretty bad |
8 |
>> design. If proftpd uses pam you should search for pam_shield, it can |
9 |
>> recognize failed logins and insert the appropriate rules into your |
10 |
>> firewall. |
11 |
> |
12 |
> You've just stated a particular set of cases: applications that do auth and support pam. |
13 |
> |
14 |
> fail2ban is also used with fastcgi, lighttpd, apache, mod_security, nagios, etc, etc, etc. |
15 |
> |
16 |
> and polling is the fallback method.... |
17 |
> |
18 |
> anyway, subjective opinon here, i'm one of fail2ban developers :P - don't take me seriously. |
19 |
Sorry man, I didn't want to bash you work. Of course pam_shield is |
20 |
limited to pam-enabled apps but in that cases it's better suited as it |
21 |
can actually tell if there was a failed *login*. I hope we can agree |
22 |
here ;) |
23 |
|
24 |
cheers |
25 |
Paul |
26 |
> |
27 |
> - -- |
28 |
> Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107 |
29 |
> Independent Linux and Security Consultant - SANS - OISSG - OWASP |
30 |
> http://www.buanzo.com.ar/pro/eng.html |
31 |
> Mailing List Archives at http://archiver.mailfighter.net |
32 |
> -----BEGIN PGP SIGNATURE----- |
33 |
> Version: GnuPG v1.4.9 (GNU/Linux) |
34 |
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ |
35 |
> |
36 |
> iEYEAREKAAYFAkqulskACgkQAlpOsGhXcE2vLACfYog8xe6K8o71kxu2WrdBZcLn |
37 |
> qhcAniFwShclOrirUE+wQKQHEOxxTA5l |
38 |
> =BCAP |
39 |
> -----END PGP SIGNATURE----- |
40 |
> |
41 |
> |