Sorry, text came out crap for some reason, trying again to make it clearer.
/usr/sbin/iptables -I INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -m recent --set
/usr/sbin/iptables -I INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -m recent --update --seconds 1000 --hitcount 2 -j DROP
All you need to drop any unsuccessful SSH logins for a specified period of seconds.
Eth1 is obviously your public NIC
--hitcount is the number of tries allowed
--seconds is, well, seconds the IP is dropped into a bit bucket for!
You're an idiot! Sorry but I can't see any other way to put it in terms that you might actually understand.
Clearly you have NO idea what MOST IT departments or REAL data centres run like. You know, the ones in the real world that were built by an ever-changing bunch of people and developers who float between departments and jobs, never adequately document anything they do, create all manner of bizarre workarounds and tricks to either make up for OS or design limitations or bad design, never budget or even PLAN for the (cough, cough!) EXTREMELY UNLIKELY scenario that the server might actually fail, and when it does and the people who actually know how it works, or even know how to properly do application restores, aren't around, and you're getting the call at the footy on Saturday arvo to "GET IT WORKING".
You can bitch and moan all you want about processes and procedures, backup and restore documents, but in the many years I've been working, I have invariably found that if the group responsible for deploying a service, can offload that onto the IT dept, that's exactly what happens. And usually with NO EXTRA BUDGET to cover things like, you know, tape units, tapes, etc, etc.
So if my positive experience using ESX sounds like a sales pitch, then hell yeah! It has saved me enormous amounts of head-aches, time, etc, while providing complete fault-tolerance. You know, the kind of things most departments EXPECT from the IT guys but NEVER actually budget for! Using it I can now run and manage literally hundreds of servers with ease, compared to constantly chasing my tail looking after a fraction of that in out-dated and unsupported physicals that no-one wants to rebuild or replace!
Moron!
I would actually say that the day ESXi became free, it made server completely obsolete for ANYTHING other than initial testing or building.
As you stated, this article really on every level is a ridiculously poorly designed implementation. I don't get into flame wars as to what's the better OS, etc, etc, so far as I'm concerned whatever is best at doing what I need it to is the solution I aim for, and with ESX I must admit I have been extremely happy with the time and resource savings, as well as the GREATLY reduced management overhead. Throw in the HA, DRS, vMotion, and disaster recovery, and I now sleep a lot better at night, and get far fewer calls!
In my opinion it always comes down to the fact that shelling out some money for a good product always beats trying to stuff around with a "free" one that's hard to configure and maintain. I run 4 ESX farms, and have NO problem rolling out virtually any type of server from Oracle/RHEL, to Win2k3/2k8, and everything in between. I simply make sure I allocate enough resources, and NEVER over commit. I did a cost analysis ages back trying to convince management we needed to go down the virtualisation path to guarantee business continuity.
In the end it took the failure of our most critical CRM server crashing and me importing an Acronis backup of it into ESX that convinced them beyond a shadow of a doubt.
I would say to anyone, something for $15-20K that gives:
Fault-tolerance
Fail-over
Easy server roll-outs
Simple network re-configuration
Almost instant recoverability of machines
Is more than worth the cost! The true cost of NOT doing it can be the end of a business, or as I have seen, several days of data/productivity lost!
Performance issues? Reliability issues? I have none at all, the only times I've had issues are poorly developed
I have Fibre SANs (with a mix of F/C, SAS, and SATA disks) and switches, so the SAN just shrugs off any attempt to I/O bind it! The only limitation I can think of is the 4 virtual NICs, it would be good for some of our products to be able to provide a much higher number.
No comparison in my opinion.
I have no doubt at all that it works that way for a lot of people!
I'm definitely not saying all HR people are tarred with the same brush, but some of the ones I've dealt with over the years make you wonder how they got a job in the first place.
And just remember, the internet abounds with proof that all you need to do to ruin someone's career is to throw a little mud, whether it's true or not is of no relevance at all. People like nasty rumors and quite happily spread them.
Quantity is no substitute for quality, but it's the only one we've got.