Red Hat Enterprise Linux 5.5 & Fail2Ban
I just transitioned my web server over from Fedora to Red Hat Enterprise Linux 5.5. I have access to a Red Hat Network satellite for updates so I decided to make the switch. I rebuilt the web server, making a few minor modifications.
One big change is the addition of Fail2Ban. Previously I was using DenyHosts to block ssh brute-force attacks, but I have switched over to Fail2Ban which is a great program. It can use tcpwrapper or iptables firewall to block brute force login attacks on almost anything, including ssh, ftp, imap, sasl, pop3, and even Roundcube webmail. Fail2Ban even performs whois lookups on the attacking IP address and sends e-mail notifications including who their hosting provider is, what country they are from, and who to contact about abuse.
Leave a comment
You must be logged in to post a comment.