| 1 |
On 16/09/2017 16:06, Stroller wrote: |
| 2 |
> Is anyone familiar enough with this subject to make a comparison between these two programs, please? |
| 3 |
> |
| 4 |
> If I google Fail2Ban vs SSHGuard I get many hits saying "I use this one", but no-one saying why one might be better than the other. |
| 5 |
> |
| 6 |
> So far I'm favouring SSHGuard, but mostly because the website looks prettier. |
| 7 |
> |
| 8 |
> I want to be able to use passwords, so allowing logons only by public-key is no good (also would be nice to block failed IMAP connection attempts). |
| 9 |
> |
| 10 |
> Thanks in advance for any thoughts. |
| 11 |
> |
| 12 |
> Stroller. |
| 13 |
> |
| 14 |
|
| 15 |
|
| 16 |
Depends what you want, they both achieve the same end. fail2ban reads |
| 17 |
all manner of log files and such, decides based on rules if someone is |
| 18 |
being naughty, and then takes actually (most often listing the source |
| 19 |
address in a packet filter drop rule). |
| 20 |
|
| 21 |
As far as I'm aware (and could be wrong), sshguard is mostly just sshd |
| 22 |
whereas fail2ban works on anything you can give it consistent logs for. |
| 23 |
There's not much to choose between them really. |
| 24 |
|
| 25 |
So go for the one that seems to fit your needs best, if you scan the man |
| 26 |
pages and sample rules files and one jumps out as a clear winner than |
| 27 |
you understand easily, then that is the one you use. |
| 28 |
|
| 29 |
The question is almost never "does this things do what I want?" as the |
| 30 |
answer is so often yes. The question is always "d I understand this |
| 31 |
thing as can drive it easily?" |
| 32 |
|
| 33 |
-- |
| 34 |
Alan McKinnon |
| 35 |
alan.mckinnon@×××××.com |
Archives