From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-dev/2013-February/022973.html | 143 +++++++++++++++++++++++++++ 1 file changed, 143 insertions(+) create mode 100644 zarb-ml/mageia-dev/2013-February/022973.html (limited to 'zarb-ml/mageia-dev/2013-February/022973.html') diff --git a/zarb-ml/mageia-dev/2013-February/022973.html b/zarb-ml/mageia-dev/2013-February/022973.html new file mode 100644 index 000000000..11beaf7fe --- /dev/null +++ b/zarb-ml/mageia-dev/2013-February/022973.html @@ -0,0 +1,143 @@ + + + + [Mageia-dev] Fail2Ban vs Blockhosts vs DenyHosts vs iptable throttle for SSH + + + + + + + + + +

[Mageia-dev] Fail2Ban vs Blockhosts vs DenyHosts vs iptable throttle for SSH

+ finid at linuxbsdos.com + finid at linuxbsdos.com +
+ Tue Feb 19 13:44:10 CET 2013 +

+
+ +
+
+On 2013-02-19 12:13, Colin Guthrie wrote:
+> 'Twas brillig, and Robert Fox at 19/02/13 11:45 did gyre and gimble:
+>> On Tue, 2013-02-19 at 12:35 +0100, Guillaume Rousse wrote:
+>>> Le 19/02/2013 12:20, finid at linuxbsdos.com a écrit :
+>>>> If that's how you feel about having a program like DenyHosts 
+>>>> running by
+>>>> default, do you feel the same way about having a firewall running 
+>>>> and
+>>>> configured out of the box.
+>>>>
+>>>> Is a firewall a sysadmin's or packager's choice?
+>>> A sysadmin choice. Pushing always more stuff 'by default' doesn't 
+>>> help
+>>> users to make educated choices.
+>>
+>> On one hand I agree, on the other hand - we want a distribution 
+>> which
+>> simply works and common choices are made (like which firewall) from 
+>> the
+>> distro side - a good enough Sysadmin can then change to his/her 
+>> liking
+>> afterwards.  This is more or less a distro "philosophy" question, 
+>> but
+>> look why "Mint" has become so popular - because many choices are 
+>> made
+>> upfront for the user - yet the flexibility is in the system (and 
+>> enough
+>> packages) for an advanced user to change them!
+>>
+>> As long as the default settings are documented upfront - I see no 
+>> issue
+>> in making such a decision on behalf of the "average" user - and 
+>> making a
+>> more security robust distribution.
+>
+> Yup, I agree with this.
+>
+> I'm know my way around sufficiently that I can happily change the 
+> stuff
+> I don't like.
+>
+> I think we do have to pick reasonably sensible defaults. Ultimately
+> that's what msec does too - defines sensible defaults for the 
+> security
+> level picked.
+>
+> So overall I'd welcome a default setup that allows things to be more
+> secure/robust by default (obviously balanced against user experience 
+> -
+> e.g. a *very* secure setup would be to ban all traffic in or out... 
+> but
+> that's not a nice user experience :D).
+>
+
+If you are referring to a firewall, banning "all traffic in or out" 
+does not make sense. I'm sure we are all familiar with concept of 
+Stateful Inspection.
+
+
+--
+finid
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-dev +mailing list
+ -- cgit v1.2.1