Hi,
(quoting from the thread: will denyhosts work with journald (without rsyslogd)?)
<
http://mid.gmane.org/CAHc5q3eE3vKFqacRQf3rCwny4bF5Q+u93Di8J+K5GGto_VYpmA@...
On Sat, Mar 28, 2015 at 11:22:20PM -0400, Rahul Sundaram wrote:
However denyhosts itself is pretty outdated and everyone should
switch
over to fail2ban anyway.
While reading about the recently found SSH vulnerability, I came across
a rather uncontested opinion that fail2ban does not work with IPv6,
e.g. see this reddit thread:
https://www.reddit.com/r/netsec/comments/3dnzcq/openssh_keyboardinteracti...
Personally, I found the "parse log files to ban" idea a bit shaky to
begin with. The same thread mentions pam_shield (also available in the
Fedora repos). A bit of reading on it makes it seem more robust than
fail2ban. I was wondering if anyone had any experience or opinion
on this topic.
Cheers,
--
Suvayu
Open source is the future. It sets us free.