Nicolas Mailhot wrote:
Hi, I see denyhosts and pam_abl are both in extras. Perhaps there are even other packages devoted to defending against ssh brute-force attacks. Anyone tried them ? Care to recommend one or the other ?
I just tried denyhosts. It seems to worked as advertised, although I wonder why FE5 has the latest 1.1.2 version while FE3 and FE4 contain 1.0.2. I tested the 1.1.2 SRPM rebuilt on FE3 and it seems to work fine.
I haven't tried pam_abl, but I am guessing that it reacts faster to an attack than denyhosts. The packaged denyhosts defaults to 30 seconds between log checks when in daemon mode. This is good enough, although I wonder if pam_abl is more efficient by not re-reading the logs often. (Just guessing how it works...)
Warren Togami wtogami redhat com