I already have installed Fail2Ban on my server. I planned to install PSAD on it. Are they equal? Isn't it a good idea to keep them both?
I already have installed Fail2Ban on my server. I planned to install PSAD on it. Are they equal? Isn't it a good idea to keep them both?
Fail2BAN scans log files of various applications such as apache, ssh or ftp and automatically bans IPs that show the malicious signs such as automated login attempts. PSAD on the other hand scans iptables and ip6tables log messages (typically /var/log/messages) to detect and optionally block scans and other types of suspect traffic such as DDoS or OS fingerprinting attempts. It's ok to use both programs at the same time because they operate on different level.