Fudcon - Items for discussion

Nils Breunese nils at breun.nl
Sat Jan 6 02:47:15 UTC 2007


Luke Macken wrote:

> During the summit Warren proposed a few security policies for our  
> publictest* machines, which we all agreed on:
>
> 	o must get approval from infrastructure team
> 	o denyhosts must be configured
> 	o ssh key authentication only

I use SSH public key authentication on all my servers (password  
authentication disabled) and I used to run DenyHosts. At some point I  
decided to replace DenyHosts with Fail2ban [1], because Fail2ban  
creates (temporary) iptables rules instead of (temporary) entries in
/etc/hosts.deny. Have you compared the two?

Nils Breunese.

[1] http://fail2ban.sourceforge.net/