[Mageia-dev] Fail2Ban vs Blockhosts vs DenyHosts vs iptable throttle for SSH

[finid at linuxbsdos.com]

On 2013-02-19 11:45, Robert Fox wrote:
> On Tue, 2013-02-19 at 12:35 +0100, Guillaume Rousse wrote:
>> Le 19/02/2013 12:20, finid at linuxbsdos.com a écrit :
>> > If that's how you feel about having a program like DenyHosts 
>> running by
>> > default, do you feel the same way about having a firewall running 
>> and
>> > configured out of the box.
>> >
>> > Is a firewall a sysadmin's or packager's choice?
>> A sysadmin choice. Pushing always more stuff 'by default' doesn't 
>> help
>> users to make educated choices.
>
> On one hand I agree, on the other hand - we want a distribution which
> simply works and common choices are made (like which firewall) from 
> the
> distro side - a good enough Sysadmin can then change to his/her 
> liking
> afterwards.  This is more or less a distro "philosophy" question, but
> look why "Mint" has become so popular - because many choices are made
> upfront for the user - yet the flexibility is in the system (and 
> enough
> packages) for an advanced user to change them!
>
> As long as the default settings are documented upfront - I see no 
> issue
> in making such a decision on behalf of the "average" user - and 
> making a
> more security robust distribution.
>
> BTW, there is no Mageia package for BlockHosts - but fail2ban and
> DenyHosts there are packages . . .
>

This is the point that many distro devs don't seem to understand. 
People want a system that just works. Have you observed that Macs are 
very popular with geeks, that is, the guys who can mess with a system in 
and out. Why?

How did Ubuntu and Mint become so popular? That's right, they just 
work. All the sane options have been pre-selected.

I once had a discussion with a dev who did not want to have the updates 
manager's icon in the systray because he did not want to clutter that 
part of the panel.


--
finid