On Mon, 16 Jan 2006 19:48:12 +0100 Nico Golde <nico@ngolde.de> wrote: > Hi, > * Marco Bertorello <marco@bertorello.ns0.it> [2006-01-16 19:41]: > > I'm working on a new package called denyhosts. > > > > The program is a python script that can monitor a log file > > (default /var/log/auth.log) for ssh brute-force attack attempts and > > block them adding an entry in /etc/hosts.deny. > > > > The homepage is http://denyhosts.sourceforge.net/ > > Are there any significant differences to the fail2ban > package? If not keep it away from the archive ;) Sure! ;-) > fail2ban is also python and > Description: bans IPs that cause multiple authentication errors > Monitors (in daemon mode) or just scans log files > (e.g. /var/log/auth.log, /var/log/apache/access.log) and temporarily > bans failure-prone addresses by updating existing firewall rules. > Currently, by default, supports ssh/apache but configuration can be > easily extended for scanning the other ASCII log files. Firewall > rules are given in the config file, thus it can be adopted to be used > with a variety of firewalls (e.g. iptables, ipfwadm) Like the description explain, fail2ban use firewall rules and not everybody want use iptables (or any other kind of firewall). denyhosts can run on systems that haven't support for packet filtering, fail2ban can ? :) BTW, why "keep it away from the archive" ? Users that can choose are happy users :) Thanks, -- Marco Bertorello System Administrator Linux Registered User #319921 marco@bertorello.ns0.it Grande idea! L'avrei messa in pratica io se non fosse che non l'ho fatto :-) - Antonio Messina
Attachment:
signature.asc
Description: PGP signature