fail2ban on IPv6 and pam_shield
Suvayu Ali
fatkasuvayu+linux at gmail.com
Thu Jul 23 17:56:07 UTC 2015
Hi,
(quoting from the thread: will denyhosts work with journald (without rsyslogd)?)
<http://mid.gmane.org/CAHc5q3eE3vKFqacRQf3rCwny4bF5Q+u93Di8J+K5GGto_VYpmA@mail.gmail.com>
On Sat, Mar 28, 2015 at 11:22:20PM -0400, Rahul Sundaram wrote:
> However denyhosts itself is pretty outdated and everyone should switch
> over to fail2ban anyway.
While reading about the recently found SSH vulnerability, I came across
a rather uncontested opinion that fail2ban does not work with IPv6,
e.g. see this reddit thread:
https://www.reddit.com/r/netsec/comments/3dnzcq/openssh_keyboardinteractive_authentication_brute/
Personally, I found the "parse log files to ban" idea a bit shaky to
begin with. The same thread mentions pam_shield (also available in the
Fedora repos). A bit of reading on it makes it seem more robust than
fail2ban. I was wondering if anyone had any experience or opinion
on this topic.
Cheers,
--
Suvayu
Open source is the future. It sets us free.
More information about the users
mailing list