Hi guys,
So last week I upgraded my test environment and got the latest SSHGuard. Well... Can't say that I was very happy about it, in fact I think it clearly shows you how little some software authors know about the way their software is being used, and I think it's somewhat upsetting.
As such the question is now: what good alternatives are there for SSHGuard? I also did a bit of research myself (obviously) but I'm curious to know what some other people actually use. The key feature for me is use of tcpwrappers (hosts.allow). For the simple reason that there is no way that I'll allow an automation to control my firewall.
My reasoning is simple: hosts.allow can only be used to block stuff. If a freak incident were to occur within SSHGuard and it could control my firewall then what guarantees do I have left that it won't start opening things up? Because that's the risk of letting it handle your firewall: it can close, but also open things up. Not so much with TCPWrappers: my firewall always supersedes that.
Anyway, thanks for any comments. I'm closing with a small rant. Need to get something off my chest, because I am seriously unhappy with these developments which in my opinion are plain out stupid.
(small rant)
Several features have been removed from SSHGuard, where for me the most notable is the support for TCPWrappers. At first I blamed the Ports maintainer, then after I investigated more I finally learned the truth: this all happened within the original project itself. Apparently they held a poll on their website and from there it was determined that some features had to go.
I think that shows an extremely narrow-minded view on the part of the author(s). Because I can't help but believe that there are plenty of people like me: who do not rely on the website but on a program's functionality. I use it because it supports the features I need. And I don't visit such websites because I use other methods to keep my software up to date (such as the Ports collection in my example, but the same applies to users who rely on a local software repository (think both pkg-install but also your average Linux user)).
If I have to check up on every mailing list on every software package I use, combined with all those which really matter (security updates) then I'd be looking at a new daytime job.
During my investigation things became worse. Because the SSHGuard's website still lists tcpd's hosts.allow as a blocking method. Yet if you read the release announcement for 1.7.0 you'll see what I'm talking about:
I am so much done with this project right now.
On 08/29/2016 10:47, Mark Felder wrote:
> Not sure. I was just looking for an easy hack for users of the hosts
> backend.
If that's something people are interested in it would just involve
translating the original hosts.c into a new sshg-fw backend.
It's only deprecated because not many people said they were using it on
the survey, and I wasn't going to rewrite if not many were using it.
They deprecated a feature and apparently couldn't even be bothered to update the website. That goes to credibility for me. One of the key elements of security, in my humble opinion of course, is transparency. Well, there's little to be found here it seems so I've dubbed this as unreliable and I'm moving on. Even if they would re-add this feature then I'm still ignoring this from here on, because what'll be next?
When I start using software then I rely on 1 main thing: that it will continue to provide the functionality I have come to love and respect. Apparently that's too much to ask for some software projects, and it's their loss I'd say.
(/rant).