3

I already have installed Fail2Ban on my server. I planned to install PSAD on it. Are they equal? Isn't it a good idea to keep them both?

THpubs
  • 1,615
  • 7
  • 26
  • 43

1 Answers1

7

Fail2BAN scans log files of various applications such as apache, ssh or ftp and automatically bans IPs that show the malicious signs such as automated login attempts. PSAD on the other hand scans iptables and ip6tables log messages (typically /var/log/messages) to detect and optionally block scans and other types of suspect traffic such as DDoS or OS fingerprinting attempts. It's ok to use both programs at the same time because they operate on different level.

FINESEC
  • 1,371
  • 7
  • 8
  • Is it okay if I quote you in a how-to guide I created? I am adding a section for PSAD and want to mention why we should use both PSAD and Fail2Ban. I can't summarize it any better than you did so I figured I would just quote you. https://github.com/imthenachoman/How-To-Secure-A-Linux-Server/ – IMTheNachoMan Feb 13 '19 at 03:58