Hi, (quoting from the thread: will denyhosts work with journald (without rsyslogd)?) <http://mid.gmane.org/cahc5q3ee3vkfqacrqf3rcwny4bf5q+u93di8j+k5ggto_vy...@mail.gmail.com>
On Sat, Mar 28, 2015 at 11:22:20PM -0400, Rahul Sundaram wrote: > However denyhosts itself is pretty outdated and everyone should switch > over to fail2ban anyway. While reading about the recently found SSH vulnerability, I came across a rather uncontested opinion that fail2ban does not work with IPv6, e.g. see this reddit thread: https://www.reddit.com/r/netsec/comments/3dnzcq/openssh_keyboardinteractive_authentication_brute/ Personally, I found the "parse log files to ban" idea a bit shaky to begin with. The same thread mentions pam_shield (also available in the Fedora repos). A bit of reading on it makes it seem more robust than fail2ban. I was wondering if anyone had any experience or opinion on this topic. Cheers, -- Suvayu Open source is the future. It sets us free. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
