diff options
Diffstat (limited to 'zarb-ml/mageia-dev/2013-February/022973.html')
| -rw-r--r-- | zarb-ml/mageia-dev/2013-February/022973.html | 143 |
1 files changed, 143 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/2013-February/022973.html b/zarb-ml/mageia-dev/2013-February/022973.html new file mode 100644 index 000000000..11beaf7fe --- /dev/null +++ b/zarb-ml/mageia-dev/2013-February/022973.html @@ -0,0 +1,143 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-dev] Fail2Ban vs Blockhosts vs DenyHosts vs iptable throttle for SSH + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Fail2Ban%20vs%20Blockhosts%20vs%20DenyHosts%20vs%20iptable%0A%20throttle%20for%20SSH&In-Reply-To=%3C33e1fe5b89f8271b1354807c46120121%40linuxbsdos.com%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="022972.html"> + <LINK REL="Next" HREF="022980.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-dev] Fail2Ban vs Blockhosts vs DenyHosts vs iptable throttle for SSH</H1> + <B>finid at linuxbsdos.com</B> + <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Fail2Ban%20vs%20Blockhosts%20vs%20DenyHosts%20vs%20iptable%0A%20throttle%20for%20SSH&In-Reply-To=%3C33e1fe5b89f8271b1354807c46120121%40linuxbsdos.com%3E" + TITLE="[Mageia-dev] Fail2Ban vs Blockhosts vs DenyHosts vs iptable throttle for SSH">finid at linuxbsdos.com + </A><BR> + <I>Tue Feb 19 13:44:10 CET 2013</I> + <P><UL> + <LI>Previous message: <A HREF="022972.html">[Mageia-dev] Fail2Ban vs Blockhosts vs DenyHosts vs iptable throttle for SSH +</A></li> + <LI>Next message: <A HREF="022980.html">[Mageia-dev] Fail2Ban vs Blockhosts vs DenyHosts vs iptable throttle for SSH +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#22973">[ date ]</a> + <a href="thread.html#22973">[ thread ]</a> + <a href="subject.html#22973">[ subject ]</a> + <a href="author.html#22973">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE> + +On 2013-02-19 12:13, Colin Guthrie wrote: +><i> 'Twas brillig, and Robert Fox at 19/02/13 11:45 did gyre and gimble: +</I>>><i> On Tue, 2013-02-19 at 12:35 +0100, Guillaume Rousse wrote: +</I>>>><i> Le 19/02/2013 12:20, <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">finid at linuxbsdos.com</A> a écrit : +</I>>>>><i> If that's how you feel about having a program like DenyHosts +</I>>>>><i> running by +</I>>>>><i> default, do you feel the same way about having a firewall running +</I>>>>><i> and +</I>>>>><i> configured out of the box. +</I>>>>><i> +</I>>>>><i> Is a firewall a sysadmin's or packager's choice? +</I>>>><i> A sysadmin choice. Pushing always more stuff 'by default' doesn't +</I>>>><i> help +</I>>>><i> users to make educated choices. +</I>>><i> +</I>>><i> On one hand I agree, on the other hand - we want a distribution +</I>>><i> which +</I>>><i> simply works and common choices are made (like which firewall) from +</I>>><i> the +</I>>><i> distro side - a good enough Sysadmin can then change to his/her +</I>>><i> liking +</I>>><i> afterwards. This is more or less a distro "philosophy" question, +</I>>><i> but +</I>>><i> look why "Mint" has become so popular - because many choices are +</I>>><i> made +</I>>><i> upfront for the user - yet the flexibility is in the system (and +</I>>><i> enough +</I>>><i> packages) for an advanced user to change them! +</I>>><i> +</I>>><i> As long as the default settings are documented upfront - I see no +</I>>><i> issue +</I>>><i> in making such a decision on behalf of the "average" user - and +</I>>><i> making a +</I>>><i> more security robust distribution. +</I>><i> +</I>><i> Yup, I agree with this. +</I>><i> +</I>><i> I'm know my way around sufficiently that I can happily change the +</I>><i> stuff +</I>><i> I don't like. +</I>><i> +</I>><i> I think we do have to pick reasonably sensible defaults. Ultimately +</I>><i> that's what msec does too - defines sensible defaults for the +</I>><i> security +</I>><i> level picked. +</I>><i> +</I>><i> So overall I'd welcome a default setup that allows things to be more +</I>><i> secure/robust by default (obviously balanced against user experience +</I>><i> - +</I>><i> e.g. a *very* secure setup would be to ban all traffic in or out... +</I>><i> but +</I>><i> that's not a nice user experience :D). +</I>><i> +</I> +If you are referring to a firewall, banning "all traffic in or out" +does not make sense. I'm sure we are all familiar with concept of +Stateful Inspection. + + +-- +finid + +</PRE> + + + + + + + + + + + + + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="022972.html">[Mageia-dev] Fail2Ban vs Blockhosts vs DenyHosts vs iptable throttle for SSH +</A></li> + <LI>Next message: <A HREF="022980.html">[Mageia-dev] Fail2Ban vs Blockhosts vs DenyHosts vs iptable throttle for SSH +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#22973">[ date ]</a> + <a href="thread.html#22973">[ thread ]</a> + <a href="subject.html#22973">[ subject ]</a> + <a href="author.html#22973">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev +mailing list</a><br> +</body></html> |