[Mageia-dev] Fail2Ban vs Blockhosts vs DenyHosts vs iptable throttle for SSH
Robert Fox
list at foxconsult.net
Tue Feb 19 12:45:23 CET 2013
On Tue, 2013-02-19 at 12:35 +0100, Guillaume Rousse wrote:
> Le 19/02/2013 12:20, finid at linuxbsdos.com a écrit :
> > If that's how you feel about having a program like DenyHosts running by
> > default, do you feel the same way about having a firewall running and
> > configured out of the box.
> >
> > Is a firewall a sysadmin's or packager's choice?
> A sysadmin choice. Pushing always more stuff 'by default' doesn't help
> users to make educated choices.
On one hand I agree, on the other hand - we want a distribution which
simply works and common choices are made (like which firewall) from the
distro side - a good enough Sysadmin can then change to his/her liking
afterwards. This is more or less a distro "philosophy" question, but
look why "Mint" has become so popular - because many choices are made
upfront for the user - yet the flexibility is in the system (and enough
packages) for an advanced user to change them!
As long as the default settings are documented upfront - I see no issue
in making such a decision on behalf of the "average" user - and making a
more security robust distribution.
BTW, there is no Mageia package for BlockHosts - but fail2ban and
DenyHosts there are packages . . .
Cheers,
Robert
More information about the Mageia-dev
mailing list