| 1 |
Ricardo Saffi Marques <saffi <at> las.ic.unicamp.br> writes: |
| 2 |
|
| 3 |
|
| 4 |
> Don't forget denyhosts and I'd also use metalog instead of syslog-ng. |
| 5 |
|
| 6 |
Hmmm, |
| 7 |
|
| 8 |
So you are suggesting to run 'denyhosts' directly on the firewall ? |
| 9 |
|
| 10 |
portage has version 0.8-r1 but I see version 2.6 for download..... |
| 11 |
|
| 12 |
Which version do you use? If newer than 0.8-rc1 How did you install it |
| 13 |
(overlay, compile sources) ? |
| 14 |
|
| 15 |
How much cpu/ram resources does denyhosts use, during an active |
| 16 |
attack? (guesstimate is ok)? |
| 17 |
|
| 18 |
|
| 19 |
On logging, I'm not sure how I want to handle this on old hardware |
| 20 |
with limited disk space. NO doubt I'll just stream it somewhere, but |
| 21 |
you have to be careful not to use too much processor/ram/resources |
| 22 |
on these old firewalls, so I may just set something up and have the |
| 23 |
ability to turn logging on/off depending on needs. It get's more complicated |
| 24 |
if it's just a remote firewall I manage for a friend..... |
| 25 |
They would not know what to do, no matter what application |
| 26 |
it's plugged into for analysis....... |
| 27 |
|
| 28 |
(gotta think about the logging/analysis issue some more).... |
| 29 |
|
| 30 |
|
| 31 |
James |
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
-- |
| 37 |
gentoo-user@l.g.o mailing list |
Archives