On Monday 31 July 2023 at 14:46:08, Robert Montante, Ph.D. via Dng wrote:

> I'm running the apache2 webserver on an installation of daedalus rc7,
> and I really need some protection from all the attacks. It seems that
> "crowdsec" is being promoted as better than "fail2ban",

Reference/s?

> so I installed that... but I can't see any evidence that it's actually
> running. It doesn't show up as a service, and it doesn't show up as a
> process.

I haven't used crowdsec, so I can't answer your actual question, however I find
the comparison between this and fail2ban somewhat odd, because crowdsec is
based on a group of machines reporting suspicious behaviour to each other and
using the sum of information from multiple sources to decide what security
measures to implement, whereas fail2ban operates on a single machine and
reacts to events in its local log files.

I believe fail2ban can be set up to communicate with other instances of itself
over a network, but those have to be configured by the sysadmins and are
therefore still far more of a private service than crowdsec, which is
exchanging information with loads of machines, the identities of which you
have no idea.

I'm not saying I think fail2ban is better; I'm just saying they do different
jobs and therefore can't be directly compared.

My final comment is that security in depth is always a good idea, so why not
run both?


Antony.

--
The best time to plant a tree is 20 years ago.
The second best time is now.

                                                   Please reply to the list;
                                                         please *don't* CC me.