On Mon, 23 Aug 2010, Karanbir Singh wrote:
> On 08/23/2010 03:58 PM, Rob Kampen wrote:
>>> pam_shield is available from RPMforge and requires a minimum of
>>> configuration.
>> Never heard of this one before - just installed and simple to configure.
>> I note that version 0.9.3 was released April 2010 and includes a
>> supposed memory leak fix - maybe time for an update?
>
> given the overall lower cost of running pam_shield, it makes for a much
> better solution than denyhosts or fail2ban ( for many situations ). You
> just need to be careful that you dont end up DoS'ing yourself, so weigh
> in some typical scenarios and test in a sandbox environment.
You can whitelist known IP addresses (or FQDNs), but indeed there is the
possibility that someone else (from your IP address) can DOS you as it is
IP-based. Although that risk is limited, you need to understand how it
works :)
--
-- dag wieers, dag@xxxxxxxxxx, http://dag.wieers.com/ --
[Any errors in spelling, tact or fact are transmission errors]
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
