On 2023-07-31 14:56:09, Antony Stone wrote:
> On Monday 31 July 2023 at 14:46:08, Robert Montante, Ph.D. via Dng wrote:
>
> > I'm running the apache2 webserver on an installation of daedalus rc7,
> > and I really need some protection from all the attacks. It seems that
> > "crowdsec" is being promoted as better than "fail2ban",
>
> Reference/s?
>
> > so I installed that... but I can't see any evidence that it's actually
> > running. It doesn't show up as a service, and it doesn't show up as a
> > process.
>
> I haven't used crowdsec, so I can't answer your actual question, however I find
> the comparison between this and fail2ban somewhat odd, because crowdsec is
> based on a group of machines reporting suspicious behaviour to each other and
> using the sum of information from multiple sources to decide what security
> measures to implement, whereas fail2ban operates on a single machine and
> reacts to events in its local log files.
>
> I believe fail2ban can be set up to communicate with other instances of itself
> over a network, but those have to be configured by the sysadmins and are
> therefore still far more of a private service than crowdsec, which is
> exchanging information with loads of machines, the identities of which you
> have no idea.
>
> I'm not saying I think fail2ban is better; I'm just saying they do different
> jobs and therefore can't be directly compared.

First I have heard of crowdsec, but I always say that the biggest
problem with fail2ban is that it ... fails 2 ban. While it comes with a
great variety of rules, the only one I have ever seen it ban anything
with is the one I wrote myself.

So some replacemnt that actually works out of the box would be useful to
me.

--
A big old stinking pile of genius that no one wants
coz there are too many silver coated monkeys in the world.