On 16/09/2017 16:06, Stroller wrote:
> Is anyone familiar enough with this subject to make a comparison between these two programs, please?
>
> If I google Fail2Ban vs SSHGuard I get many hits saying "I use this one", but no-one saying why one might be better than the other.
>
> So far I'm favouring SSHGuard, but mostly because the website looks prettier.
>
> I want to be able to use passwords, so allowing logons only by public-key is no good (also would be nice to block failed IMAP connection attempts).
>
> Thanks in advance for any thoughts.
>
> Stroller.
>
|
Depends what you want, they both achieve the same end. fail2ban reads
all manner of log files and such, decides based on rules if someone is
being naughty, and then takes action (most often listing the source
address in a packet filter drop rule).
|
As far as I'm aware (and could be wrong), sshguard is mostly just sshd
whereas fail2ban works on anything you can give it consistent logs for.
There's not much to choose between them really.
|
So go for the one that seems to fit your needs best, if you scan the man
pages and sample rules files and one jumps out as a clear winner that
you understand easily, then that is the one you use.
|
The question is almost never "does this thing do what I want?" as the
answer is so often yes. The question is always "do I understand this
thing and can drive it easily?"
|
--
Alan McKinnon
alan.mckinnon@×××××.com
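
The log-driven approach described in the reply above (match failure lines, count them per source, then emit a packet filter drop rule), as an added sketch that is not part of the original thread and is not fail2ban's or sshguard's own code. The patterns, the threshold and window values, and the sample log lines are all constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified failure patterns; real filters cover many more message variants.
FILTERS = {
    "sshd": re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (?P<host>\S+) port"),
    "imap": re.compile(r"dovecot: imap-login: .*auth failed.*rip=(?P<host>[0-9a-fA-F.:]+)"),
}
MAXRETRY = 3                      # assumed threshold: failures tolerated per window
FINDTIME = timedelta(minutes=10)  # assumed sliding-window length

# Constructed sample log (documentation-range addresses, hypothetical host "mail").
SAMPLE_LOG = [
    "Sep 16 16:01:02 mail sshd[2211]: Failed password for root from 203.0.113.7 port 40112 ssh2",
    "Sep 16 16:01:09 mail sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2",
    "Sep 16 16:02:30 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 4 secs): user=<bob>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10",
    "Sep 16 16:03:15 mail sshd[2230]: Failed password for alice from 192.0.2.44 port 51000 ssh2",
    "Sep 16 16:03:40 mail sshd[2230]: Accepted password for alice from 192.0.2.44 port 51001 ssh2",
    "Sep 16 16:04:00 mail sshd[2240]: Failed password for root from 203.0.113.7 port 40120 ssh2",
    "Sep 16 16:05:00 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10",
    "Sep 16 16:20:00 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10",
]

def parse_ts(line, year=2017):
    # Classic syslog timestamps omit the year, so it is passed in.
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")

def find_offenders(lines):
    """Return {(service, host): time the threshold was reached}."""
    recent, banned = defaultdict(deque), {}
    for line in lines:
        for service, rx in FILTERS.items():
            m = rx.search(line)
            key = (service, m.group("host")) if m else None
            if key is None or key in banned:
                continue
            ts, q = parse_ts(line), recent[key]
            q.append(ts)
            while ts - q[0] > FINDTIME:  # drop failures older than the window
                q.popleft()
            if len(q) >= MAXRETRY:
                banned[key] = ts
    return banned

def drop_rules(banned):
    # Log content is attacker-influenced: accept only values that parse as an
    # IP address (ValueError otherwise). Rules are returned as text, never executed.
    return [f"iptables -I INPUT -s {ipaddress.ip_address(h)} -j DROP" for _, h in banned]
```

On the sample, only the SSH source reaches three failures inside the window; the IMAP source also fails three times, but the third attempt falls outside the ten-minute window and does not trigger a ban.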