Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[gentoo-user] Fail2Ban vs SSHGuard? Comparison? What's the difference?
2,106 views
Skip to first unread message
Stroller
Sep 16, 2017, 10:10:04 AM9/16/17
to
Is anyone familiar enough with this subject to make a comparison between these two programs, please?
If I google Fail2Ban vs SSHGuard I get many hits saying "I use this one", but no-one saying why one might be better than the other.
So far I'm favouring SSHGuard, but mostly because the website looks prettier.
I want to be able to use passwords, so allowing logons only by public-key is no good (also would be nice to block failed IMAP connection attempts).
Thanks in advance for any thoughts.
Stroller.
If I google Fail2Ban vs SSHGuard I get many hits saying "I use this one", but no-one saying why one might be better than the other.
So far I'm favouring SSHGuard, but mostly because the website looks prettier.
I want to be able to use passwords, so allowing logons only by public-key is no good (also would be nice to block failed IMAP connection attempts).
Thanks in advance for any thoughts.
Stroller.
Alan McKinnon
Sep 16, 2017, 3:40:03 PM9/16/17
to
all manner of log files and such, decides based on rules if someone is
being naughty, and then takes actually (most often listing the source
address in a packet filter drop rule).
As far as I'm aware (and could be wrong), sshguard is mostly just sshd
whereas fail2ban works on anything you can give it consistent logs for.
There's not much to choose between them really.
So go for the one that seems to fit your needs best, if you scan the man
pages and sample rules files and one jumps out as a clear winner than
you understand easily, then that is the one you use.
The question is almost never "does this things do what I want?" as the
answer is so often yes. The question is always "d I understand this
thing as can drive it easily?"
--
Alan McKinnon
alan.m...@gmail.com
Stroller
Sep 16, 2017, 5:30:03 PM9/16/17
to
> On 16 Sep 2017, at 20:31, Alan McKinnon <alan.m...@gmail.com> wrote:
>
> As far as I'm aware (and could be wrong), sshguard is mostly just sshd
> whereas fail2ban works on anything you can give it consistent logs for.
https://www.sshguard.net/docs/reference/attack-signatures/
Stroller.
Alan McKinnon
Sep 16, 2017, 5:40:03 PM9/16/17
to
As a sidenote, I've just finished rolling out fail2ban here at work.
It's a mobile provider and ISP with millions and millions of hones out
there, and the owners has some very odd ideas on how mail works.
Especially just how much mail coming from their individual phones I'm
willing to relay (answer: not very much at all :-) )
Anyway, fail2ban went on the mail relays with strict rules as to number
of connections etc etc. The amount of tweaking I had to make was minimal
- just change some numbers. All the rules I needed were already there
baked in, I just had to enable them and set the numbers. It even knew
these are FreeBSD relays so the packet filter is pf.
It's such a pleasure to use a product built with real engineering in
mind and does it right. fail2ban ticks that box for me.
--
Alan McKinnon
alan.m...@gmail.com
0 new messages