Allen YIP: 2/20/11

DenyHosts

Features

Parses /var/log/secure to find all login attempts and filters failed and successful attempts.
Synchronization mode (new in 2.0) allows DenyHosts daemons the ability to share data via a centralized server to proactively thwart attacks.
Can be run from the command line, cron or as a daemon (new in 0.9)
Records all failed login attempts for the user and offending host
For each host that exceeds a threshold count, records the evil host
Keeps track of each non-existent user (eg. sdadasd) when a login attempt failed.
Keeps track of each existing user (eg. root) when a login attempt failed.
Keeps track of each offending host (with 0.8+ these hosts can be purged if the associated entry in /etc/hosts.deny is expired)
Keeps track of suspicious logins (that is, logins that were successful for a host that had many login failures)
Keeps track of the file offset, so that you can reparse the same file (/var/log/secure) continuously (until it is rotated).
When the log file is rotated, the script will detect it and parse from the beginning.
Appends /etc/hosts.deny and adds the newly banned hosts
Optionally sends an email of newly banned hosts and suspicious logins.
Keeps a history of all user, host, user/host combo and suspicious logins encountered which includes the data and number of corresponding failed login attempts.
Maintains failed valid and invalid user login attempts in separate files, such that it is easy to see which valid user is under attack (which would give you the opportunity to remove the account, change the password or change it's default shell to something like /sbin/nologin
Upon each run, the script will load the previously saved data and re-use it to append new failures.
Resolves IP addresses to hostnames, if available (new in v0.6.0).
/etc/hosts.deny entries can be expired (purge) at a user specified time (new in 0.8)
FreeBSD support (added in 0.7)

References

http://denyhosts.sourceforge.net/
http://www.cyberciti.biz/faq/rhel-linux-block-ssh-dictionary-brute-force-attacks/

Red Hat Directory Server

Features Overview

Centralizes management of people and their profiles, reducing administrative costs
Acts as a central repository for user profiles and preferences, enabling personalization
Allows 4-way multi-master replication of data across the enterprise, providing a centralized, consistent data source available to enterprise applications
Enables single sign-on access with a partner solution
Provides scalability for massive numbers of users by containing the information control required for developing extranet applications
Provides full support for 64-bit HP-UX, Solaris and Red Hat Enterprise Linux platforms
Provides the foundation for strong certificate-based authentication when used in conjunction with a Red Hat Certificate System

Reference:

http://www.redhat.com/directory_server/

HTTP accelerator

Varnish
Squid

p.s. The Norway biggest online news provider use 3 Varnish machines replace 12 Squid machines. Wikipedia is planning to use Varnish instead of Squid.

Virtualization

Xen
VMware
VirtualBox
KVM (Kernel-based Virtual Machine)

With ConVirt you configure, monitor and automate your Xen and KVM deployments and private clouds from a single at-a-glance dashboard. Open source virtualization is now a real option for enterprises!

Reference

http://www.convirture.com/

p.s. RHEL 6.0 Beta already remove Xen and may use KVM for virtualization.

Infrastructure Monitoring

ZABBIX
Xymon
Hinemos
Nagios

	ZABBIX	Xymon	Hinemos	Nagios
License	GPLv2	GPLv2	GPLv2	GPLv2
Programming	C, PHP	C	Java	C
Admin GUI	Web	Web	Eclipse client	Web
OS	Linux / UNIX	Linux / UNIX	Red Hat Linux / Solaris (Admin GUI running on Windows XP)	Linux / UNIX
Support Monitor OS	Linux / UNIX / Windows	Linux / UNIX / Windows	Red Hat Linux / Windows XP	Linux / UNIX / Windows
Popular	NO	YES	NO	YES