Re: fail2ban or sshguard or blacklistd (or what else)?

To: netbsd-users <netbsd-users%netbsd.org@localhost>
Subject: Re: fail2ban or sshguard or blacklistd (or what else)?
From: Jan Danielsson <jan.m.danielsson%gmail.com@localhost>
Date: Mon, 21 May 2018 19:11:52 +0200

On 2018-05-21 18:22, Mayuresh wrote:
> I wish to set up a utility that would monitor logs of various services for
> a server on the internet and block nasty IPs.
> 
> How do above options compare and which one is more common on NetBSD?

   I recommend you watch "Blacklistd by Christos Zoulas" on YouTube:
https://www.youtube.com/watch?v=fuuf8G28mjs

   It's (unsurprisingly) biased towards blacklistd, but - I would argue
- not without merit.

> So far, I tried using fail2ban and my impressions are: 1. Just too many
> dependencies, took long time to build. 2. Using default configuration it
> did not appear to do anything precious after watching it for some time
> when there were many auth failures seen in authlog.

   When I set up blacklistd the first time I remember being slightly
annoyed by some detail with regards to how the configurations work, but
since I forgot what it was it can't have been that important.

-- 
Kind Regards,
Jan Danielsson

References:
- fail2ban or sshguard or blacklistd (or what else)?
  - From: Mayuresh

Prev by Date: Re: sshguard fails to start
Next by Date: Re: fail2ban or sshguard or blacklistd (or what else)?
Previous by Thread: fail2ban or sshguard or blacklistd (or what else)?
Next by Thread: Re: fail2ban or sshguard or blacklistd (or what else)?
Indexes:

Home | Main Index | Thread Index | Old Index