On Saturday 19 May 2018 11:29:25 Andy Smith wrote: > Hello, > > On Sat, May 19, 2018 at 12:03:37PM +0200, Hubert Hauser wrote: > > On 19/05/18 07:29, Chris wrote: > > > Make those services listen to localhost and do port forwarding in > > > your SSH client. > > > > It might be a good idea but I am not sure whether fail2ban with > > nginx basic_auth mechanism is a simplier solution. You have not > > replied me is it. Should I worry about maximum length of passwords > > (8 characters)? > > If the services are only available in localhost then you don't need > fail2ban. > > Fail2ban is a massive hack (spotting wrongdoing by reading logs of > it after the fact?) so if there is a way to avoid the issue in the > first place then to me that is preferable. > > Cheers, > Andy
I've had fail2ban running on my machinery here, for close to 20 years. Its never triggered. Portsentry, maybe twice in that same time frame. I also have dd-wrt between my stuff and the internet. Nothing comes thru that unless I clear it. That's a comforting feeling... -- Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Genes Web page <http://geneslinuxbox.net:6309/gene>
