Re: Package Guidelines: Should config files follow upstream or Fedora defaults?

Hi Dominik,

On 10/8/18 12:39 AM, Dominik 'Rathann' Mierzejewski wrote:
> Ship this configuration in a subpackage (sshguard-iptables).  Use rich
> dependencies to have it auto-installed if iptables-services is installed.

> Ship this configuration in a subpackage (sshguard-firewalld). Use rich
> dependencies to have it auto-installed if firewalld is installed.

That is a great idea, thank you. I'll do that.

> PS. What's wrong with fail2ban?

Nothing, I just happen to have been using SSHGuard on my systems before
recently shifting to Fedora, and if I'm going to be creating packages
for my own use, I might as well do it properly and put them at least on
COPR for others to benefit from.

(TL;DR: fail2ban can do almost anything you want it to do, but if you
don't need that much flexibility, SSHGuard does the job just as well and
is much more straightforward to use.)

More substantively, fail2ban is a lot more flexible in what it can match
and how to treat matches, with its different jails etc., plus you can
write your own matching rules.
However, due to that flexibility, it is rather more complex to configure
& manage, even if you don't start writing your own matches, precisely
due to the separate jails etc. and multiple levels of local, per-jail and
global config.

SSHGuard, on the other hand, does not offer any of that, matching rules
are compiled in and there is one global jail for all offenders on all
services. It is, however, extremely easy to configure and can work with
pretty much any firewall and read from any log source you want it to.
What is monitored is configured by what you give it to read (e.g. via
journalctl -t/-u options), which I find a rather elegant way of doing it.

Personally, I need none of the fine-grained control fail2ban offers, so
I prefer SSHGuard's simplicity.


Best wishes,
Christopher
_______________________________________________
packaging mailing list -- packaging@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to packaging-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/packaging@xxxxxxxxxxxxxxxxxxxxxxx