blocking IPs that try to crack SSH, is portsentry what I want?
I get loads of this crap in my auth.log file,
Failed password for illegal user root from ...
Failed password for illegal user webmaster from ...
Failed password for illegal user data from ...
sometimes almost 100 attempts in series from the same IP. I
want to install something that will block an offensive IP
indefinitely after a few bad attempts (say 3 or 4 rather
than 1, since I occasionally make typos when logging in!).
Is portsentry the package I want in order to do this?
Is it easy to configure to do what I want?