Fudcon - Items for discussion
Nils Breunese
nils at breun.nl
Sat Jan 6 02:47:15 UTC 2007
Luke Macken wrote:
> During the summit Warren proposed a few security policies for our
> publictest* machines, which we all agreed on:
>
> o must get approval from infrastructure team
> o denyhosts must be configured
> o ssh key authentication only
I use SSH public key authentication on all my servers (password
authentication disabled) and I used to run DenyHosts. At some point I
decided to replace DenyHosts with Fail2ban [1], because Fail2ban
creates (temporary) iptables rules instead of (temporary) entries in /
etc/hosts.deny. Have you compared the two?
Nils Breunese.
[1] http://fail2ban.sourceforge.net/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: Dit deel van het bericht is digitaal ondertekend
Url : http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20070106/29b636b6/attachment.bin
More information about the infrastructure
mailing list