On Mon, Sep 14, 2009 at 9:17 PM, Arturo 'Buanzo' Busleiman <[email protected]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> paul kölle wrote:
>> Not really. IMO all these brute-force-polling-logwatcher are pretty bad
>> design. If proftpd uses pam you should search for pam_shield, it can
>> recognize failed logins and insert the appropriate rules into your
>> firewall.
>
> You've just stated a particular set of cases: applications that do auth and
> support pam.
>
> fail2ban is also used with fastcgi, lighttpd, apache, mod_security, nagios,
> etc, etc, etc.
>
> and polling is the fallback method....
>
> anyway, subjective opinion here, i'm one of fail2ban developers :P - don't
> take me seriously.

Sorry man, I didn't want to bash your work. Of course pam_shield is limited to pam-enabled apps but in those cases it's better suited as it can actually tell if there was a failed *login*. I hope we can agree here ;)

cheers
Paul

> - --
> Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107
> Independent Linux and Security Consultant - SANS - OISSG - OWASP
> http://www.buanzo.com.ar/pro/eng.html
> Mailing List Archives at http://archiver.mailfighter.net
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEAREKAAYFAkqulskACgkQAlpOsGhXcE2vLACfYog8xe6K8o71kxu2WrdBZcLn
> qhcAniFwShclOrirUE+wQKQHEOxxTA5l
> =BCAP
> -----END PGP SIGNATURE-----
