NetBSD-Users archive


Re: fail2ban or sshguard or blacklistd (or what else)?



On May 21,  9:52pm, Mayuresh wrote:
}
} I wish to set up a utility that would monitor logs of various services for
} a server on the internet and block nasty IPs.
} 
} How do above options compare and which one is more common on NetBSD?
} 
} So far, I tried using fail2ban and my impressions are: 1. Just too many
} dependencies, took a long time to build. 2. Using the default configuration it
} did not appear to do anything precious after watching it for some time
} when there were many auth failures seen in authlog.

     fail2ban and sshguard are both log scrapers.  Log scrapers
are gross hacks.

     blacklistd as an integrated solution is what should have
happened many years ago.

     I have no idea what is most used on NetBSD.  I wouldn't be
surprised if fail2ban is more used simply because it is much older,
more well known, and works with more filters.  blacklistd is
relatively new and only works with npf on NetBSD.  However, FreeBSD
has adopted blacklistd and has extended it to work with more filters.
The interface between blacklistd and the filter is scripted so it
can be easily extended.

    BTW, on my own internet facing system, I moved ssh to a different
port.  I've only recently started seeing people attacking it.  For
many years, nobody bothered me.  The script kiddies look for low
hanging fruit.  However, it looks like it might be time for me to
set up blacklistd.  Even so, I expect much less hassle.

}-- End of excerpt from Mayuresh

