
Re: successor for denyhosts?





On 09.03.2019 11:22, mj wrote:
Hi,

We are using fail2ban to do this. It offers many more options, and works by creating iptables rules. This gives you much more control over what ports exactly are blocked.
fail2ban can run any script of your choosing as "banaction". I have a script that does smtp blacklist for example. My default action is a shorewall command. Also needs the corresponding "unban" script, obviously. All in all fail2ban seems fairly solid, though it /does/ depend on the format of your logs to work properly. Stick with standard config of logging from services and syslogd/systemd as far as possible, and fail2ban will be pretty low-maintenance. (I have only ever used it together with rsyslogd).

Plus I think (correct me if I'm wrong) that using /etc/hosts.deny to block access only works with programs that are compiled to do so, and iptables will always work.

That is the direction things are moving in my experience also, though I seem to remember a recent issue I had where I needed hosts.deny to get proper blocking for apache, because connections were coming in via a multiplexer/proxy thingamajig. Had something to do with open-vpn.



MJ

On 3/9/19 9:57 AM, Hans wrote:
Hi folks,

looks like "denyhosts" is no more in the repos. I like this tool, because it
blocks the IP, when the wrong password is sent n-times.

The blocked IP is added into /etc/hosts.deny, which IMO is a great idea.

I am using a script which clears the hosts.deny after a certain time, but
this is just my behaviour.

My question: which successor for denyhosts do you suggest? I found sshguard, which looks promising, but maybe you got a better tool, which is similar to
denyhosts.

Happy hacking!

Hans
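
The counting step that denyhosts and fail2ban perform ("wrong password n times"), together with the log-format dependency mentioned in the reply, as an added sketch that is not part of the thread and not fail2ban's own code. The log lines are constructed, `find_bans` is a hypothetical helper, and the regex covers only the stock rsyslog/OpenSSH "Failed password" line; `maxretry` and `findtime` are named after the fail2ban jail options.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: five lines in the stock rsyslog format, and a last one
# written with an ISO 8601 timestamp (a non-default rsyslog template).
SAMPLE_LOG = """\
Mar  9 09:50:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar  9 09:50:04 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40023 ssh2
Mar  9 09:50:09 host sshd[812]: Accepted password for hans from 198.51.100.4 port 51000 ssh2
Mar  9 09:50:12 host sshd[813]: Failed password for root from 203.0.113.7 port 40024 ssh2
Mar  9 09:58:30 host sshd[820]: Failed password for hans from 198.51.100.4 port 51001 ssh2
2019-03-09T09:59:00+01:00 host sshd[821]: Failed password for root from 192.0.2.55 port 2222 ssh2
"""

# Filter for the traditional syslog timestamp only (assumption of this sketch).
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d+\.\d+\.\d+\.\d+) "
)

def find_bans(log_text, maxretry=3, findtime=timedelta(minutes=10), year=2019):
    """Return (bans, unmatched).

    bans maps an IP to the time of the failure that reached maxretry within
    findtime; unmatched lists failure lines the filter could not parse, i.e.
    attempts that would never count towards a ban.
    """
    recent = defaultdict(deque)          # ip -> timestamps inside the window
    bans, unmatched = {}, []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            if "Failed password" in line:
                unmatched.append(line)   # log format drifted from the filter
            continue
        # Traditional syslog timestamps carry no year, so one is supplied.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > findtime:  # drop failures older than findtime
            window.popleft()
        if len(window) >= maxretry and m["ip"] not in bans:
            bans[m["ip"]] = ts            # here a ban action would be invoked
    return bans, unmatched
```

The ISO-timestamped line ends up in `unmatched`, so 192.0.2.55 would never be banned no matter how often it retries; this is the failure mode that sticking to the standard logging configuration avoids.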