Quoting Marc Chamberlin <marc@marcchamberlin.com>:
On 01/17/2019 07:38 AM, Bob Williams wrote:
On Thu, 17 Jan 2019 08:15:43 -0500 Patrick Shanahan <paka@opensuse.org> wrote:
* Peter Suetterlin <pit@astro.su.se> [01-17-19 06:15]:
Patrick Shanahan wrote:
if you are not running a server, don't install fail2ban.
Any reasoning for this? I definitely disagree. Anything that has an open ssh port should run it IMHO. And that's more than just servers.... but ssh is a server service, and would definitely be a candidate for employing fail2ban. providing a web service or mail is not the only reason(s) for running a server.
Could you clarify please? If I don't have sshd enabled and active, and only use ssh to connect to other machines, am I running an ssh server? I had always thought not, but this thread is confusing me.
The same applies to rsync and rsyncd.
Bob
Hmmm this thread seems to have gone sideways but I think I got an answer... Since SuSEfirewall is going the way of dinosaurs I suspect my question about the SuSEFirewall2-fail2ban is moot....
Bob, as for the distinction, I would argue that the distinction between servers and desktops, and whether you are running an ssh server or not, lies in whether you are opening up ports on your system to accept incoming connections. If you are just initiating outgoing connections, such as using ssh to connect to other systems, or a mail client like Thunderbird to pick up your email, then you are not running a server. Fail2ban is a support service designed to prevent attacks against a server's services from some idiot who is attempting to gain access by guessing login names and passwords. Therefore it is monitoring incoming connections and thus falls in the realm of being a service/server.
Server is a role, as is client. Clients initiate connections to servers, which may then turn around and initiate a connection (i.e. as a client) to another server. Mail Transfer Agents such as Postfix, sendmail, qmail, etc. are a prime example of client/servers. E.g. I use Mutt as e-mail client to compose a message, it connects to Postfix (server), which connects (as client) to my ISP SMTP server, and so on. Unix and Linux systems presume a e-mail server. It may not allow incoming connections from other computers. Anything below with LISTEN in the last column is a server. # netstat -ant Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:3000 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:3001 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:9306 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:9312 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:143 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN tcp 0 0 192.168.10.102:60388 199.59.150.44:443 ESTABLISHED tcp 0 0 127.0.0.1:6379 127.0.0.1:52760 ESTABLISHED tcp 32 0 192.168.10.102:55984 34.206.244.91:443 CLOSE_WAIT tcp 32 0 192.168.10.102:45810 54.192.7.216:443 CLOSE_WAIT tcp 0 0 192.168.10.102:47688 35.241.33.125:443 ESTABLISHED tcp 0 0 127.0.0.1:56014 127.0.0.1:143 ESTABLISHED tcp 0 0 127.0.0.1:52760 127.0.0.1:6379 ESTABLISHED tcp 147707 0 192.168.10.102:57286 173.239.76.148:80 ESTABLISHED tcp 0 0 127.0.0.1:44046 127.0.0.1:6379 ESTABLISHED tcp 0 0 127.0.0.1:143 127.0.0.1:56014 ESTABLISHED tcp 0 0 127.0.0.1:6379 127.0.0.1:44046 ESTABLISHED tcp 0 0 ::1:631 :::* LISTEN tcp 0 0 ::1:25 :::* LISTEN -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org