How important is fail2ban?
I'm going to set a firewall. Is it still necessary to install fail2ban? I want to follow best security practices. This is just a learning environment, nevertheless, i don't want to get cracked obviously.
Thank you.
4 Replies
@marmot7:
I just set this first server up to only allow passphrases not passwords. I also disabled root's ability to ssh in.
I'm going to set a firewall. Is it still necessary to install fail2ban? I want to follow best security practices. This is just a learning environment, nevertheless, i don't want to get cracked obviously.
Thank you.
What's the difference between a passphrase and a password? (Hint: there isn't one; at most you could say minimum restriction on length, but that's meaningless, because 32 character string made up of just 'a' is just as insecure as a 6 character completely random password.) Set up public key authentication, and disable password authentication entirely. At that point, fail2ban's sole purpose is cutting down on the spam that ends up in system logs from brute force attempts that won't succeed anyway. To be honest, I'm not sure I would want a python script running as root, using regexes to parse logs that contain attacker controlled data, just to cut down on a few MB of logs. Better solutions include configuring syslog to drop those messages instead of writing them to log files, or just not caring about the insignificant dent in disk space usage.
@dwfreed:
@marmot7:I just set this first server up to only allow passphrases not passwords. I also disabled root's ability to ssh in.
I'm going to set a firewall. Is it still necessary to install fail2ban? I want to follow best security practices. This is just a learning environment, nevertheless, i don't want to get cracked obviously.
Thank you.
What's the difference between a passphrase and a password? (Hint: there isn't one; at most you could say minimum restriction on length, but that's meaningless, because 32 character string made up of just 'a' is just as insecure as a 6 character completely random password.) Set up public key authentication, and disable password authentication entirely. At that point, fail2ban's sole purpose is cutting down on the spam that ends up in system logs from brute force attempts that won't succeed anyway. To be honest, I'm not sure I would want a python script running as root, using regexes to parse logs that contain attacker controlled data, just to cut down on a few MB of logs. Better solutions include configuring syslog to drop those messages instead of writing them to log files, or just not caring about the insignificant dent in disk space usage.
Fail2ban does more than just SSH. It can monitor and block using any rule you can come up with for any log.
@jebblue:
@dwfreed:
@marmot7:I just set this first server up to only allow passphrases not passwords. I also disabled root's ability to ssh in.
I'm going to set a firewall. Is it still necessary to install fail2ban? I want to follow best security practices. This is just a learning environment, nevertheless, i don't want to get cracked obviously.
Thank you.
What's the difference between a passphrase and a password? (Hint: there isn't one; at most you could say minimum restriction on length, but that's meaningless, because 32 character string made up of just 'a' is just as insecure as a 6 character completely random password.) Set up public key authentication, and disable password authentication entirely. At that point, fail2ban's sole purpose is cutting down on the spam that ends up in system logs from brute force attempts that won't succeed anyway. To be honest, I'm not sure I would want a python script running as root, using regexes to parse logs that contain attacker controlled data, just to cut down on a few MB of logs. Better solutions include configuring syslog to drop those messages instead of writing them to log files, or just not caring about the insignificant dent in disk space usage.
Fail2ban does more than just SSH. It can monitor and block using any rule you can come up with for any log.
Great, parsing more logs with potentially attacker controlled content, with regexes, in a script, as root. Excellent.
@dwfreed:
@jebblue:
@dwfreed:What's the difference between a passphrase and a password? (Hint: there isn't one; at most you could say minimum restriction on length, but that's meaningless, because 32 character string made up of just 'a' is just as insecure as a 6 character completely random password.) Set up public key authentication, and disable password authentication entirely. At that point, fail2ban's sole purpose is cutting down on the spam that ends up in system logs from brute force attempts that won't succeed anyway. To be honest, I'm not sure I would want a python script running as root, using regexes to parse logs that contain attacker controlled data, just to cut down on a few MB of logs. Better solutions include configuring syslog to drop those messages instead of writing them to log files, or just not caring about the insignificant dent in disk space usage.
Fail2ban does more than just SSH. It can monitor and block using any rule you can come up with for any log.
Great, parsing more logs with potentially attacker controlled content, with regexes, in a script, as root. Excellent.
Works for me.