1 |
Ricardo Saffi Marques <saffi <at> las.ic.unicamp.br> writes: |
2 |
|
3 |
|
4 |
> Don't forget denyhosts and I'd also use metalog instead of syslog-ng. |
5 |
|
6 |
Hmmm, |
7 |
|
8 |
So you are suggesting to run 'denyhosts' directly on the firewall ? |
9 |
|
10 |
portage has version 0.8-r1 but I see version 2.6 for download..... |
11 |
|
12 |
Which version do you use? If newer than 0.8-rc1 How did you install it |
13 |
(overlay, compile sources) ? |
14 |
|
15 |
How much cpu/ram resources does denyhosts use, during an active |
16 |
attack? (guesstimate is ok)? |
17 |
|
18 |
|
19 |
On logging, I'm not sure how I want to handle this on old hardware |
20 |
with limited disk space. NO doubt I'll just stream it somewhere, but |
21 |
you have to be careful not to use too much processor/ram/resources |
22 |
on these old firewalls, so I may just set something up and have the |
23 |
ability to turn logging on/off depending on needs. It get's more complicated |
24 |
if it's just a remote firewall I manage for a friend..... |
25 |
They would not know what to do, no matter what application |
26 |
it's plugged into for analysis....... |
27 |
|
28 |
(gotta think about the logging/analysis issue some more).... |
29 |
|
30 |
|
31 |
James |
32 |
|
33 |
|
34 |
|
35 |
|
36 |
-- |
37 |
gentoo-user@l.g.o mailing list |