Have a look at pam_shield. It can protect any services that use PAM for
authentication (i.e. ssh, authenticated mail, but not web). It can use
either null-routing or iptables rules for blocking. If you set it to use
null-routing then it doesn't interfere with puppetlabs/firewall - we are
using these two modules together without problems.
https://github.com/jtniehof/pam_shield
Cheers,
Jonathan
On 30/10/13 09:36, Daniele Sluijters wrote:
Hi,
Ah indeed, I misread the puppetlabs-denyhosts module. I had a look at
the DenyHosts project but that seems limited to SSH alone. My fail2ban
has rules that scan logs of our web servers, mail etc.
--
Daniele Sluijters
On Wednesday, 30 October 2013 01:39:56 UTC+1, Don Hoffman wrote:
On reading your message, I think you are perhaps confusing the
static Linux /etc/host.deny mechanism with the DenyHosts project.
See http://denyhosts.sourceforg.net
<http://denyhosts.sourceforg.net>
Don
On Oct 29, 2013, at 5:32 PM, Donald Hoffman <don.h...@gmail.com
<javascript:>> wrote:
> On Oct 29, 2013, at 12:00 PM, Daniele Sluijters
<daniele....@gmail.com <javascript:>> wrote:
>
>> Hi,
>>
>> DenyHosts is not an option for me since I can't predict which
hosts will be connecting from the outside. Fail2ban solves that
issue by looking for odd behaviour instead of asking me to whitelist.
>>
>> Thanks for the suggestion though,
>>
>> --
>> Daniele Sluijters
>
> Hmm. Don’t quite follow. DenyHost works pretty much the same
as fail2ban on the detection side. I.e. “looking for odd
behavior". See this entry from their FAQ:
http://denyhosts.sourceforge.net/faq.html#1_5
<http://denyhosts.sourceforge.net/faq.html#1_5>
>
> The DenyHost daemon monitors /var/log/secure for various signs
of unsuccessful attempts to connect (from anywhere). Once a
threshold is reached a rule for that IP address is inserted in to
/etc/host.deny. Pretty much has the same detection features as
Fail2ban.
>
> It is only on the filtering side where DenyHosts and Fail2ban
really differ. Fail2ban sets up iptables firewall rules while
DenyHosts adds entries to hosts.deny for filtering in the app
(usually sshd) server daemon.
>
> Don
>
>
--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/d03394af-4bf0-4bc0-b250-d3d125a22ab5%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/52738BAE.3060200%40bristol.ac.uk.
For more options, visit https://groups.google.com/groups/opt_out.
