From: "Fajar Priyanto" <fajarpri@xxxxxxxxxx>
On Thursday 30 March 2006 11:24 pm, Paul Howarth wrote:
> > rpm -qa | grep denyhosts
> > denyhosts-2.2-1.2.fc4.rf
> >
> > Also the initscript is not installed too.
> > That's why I set it up manually then.
> That'll be because you've got the rpmforge version of the package rather
> than the Fedora Extras one.
Ohhh! No wonder there were two packages when I did yum search denyhosts, and
apparently when I used the yum install denyhosts, yum downloaded the rpmforge
one.
denyhosts.noarch 2.2-1.2.fc4.rf dries
denyhosts.noarch 2.0-1.fc4 extras
But, why did yum choose the rpmforge? Is it the version?
--
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial
For those using REAL IPTables instead of one of the silly ShoreWall type
futilities:
===8<---
# Then setup the ssh reject trap.
$IPTABLES -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set
$IPTABLES -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack \
--rcheck --seconds 120 --hitcount 3 -j LOG --log-prefix 'SSH REJECT: '
$IPTABLES -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack \
--rcheck --seconds 120 --hitcount 3 -j REJECT --reject-with tcp-reset
===8<---
With the values present a given site gets three tries within a 120 second
interval. Once that is exceeded it is locked out until the retry count
drops below 3 in 2 minutes. This means ALL attacks get blocked. It also
means that if you screw up your password three times you can still get in
if you wait a little bit.
I tend to review the logs which show the failed login attempts. If I find
an address in a part of the world where I am VERY unlikely to find myself
I simply add that whole Asian IP block to a reject rule. But really, at
30 seconds per try how long do you think it would take to guess a user
password of "abcdefgh" when the user name is not known, either?
{^_-}
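The trap above, as an added simulation (not part of the original post) of how the xt_recent match evaluates those three rules: the --set rule records every SYN into a per-address timestamp list before the --rcheck rules count entries in the trailing 120-second window. The traffic and the addresses are constructed, and the simulation ignores the module's cap on stored stamps per address.

```python
from collections import defaultdict

WINDOW = 120    # --seconds 120
HITCOUNT = 3    # --hitcount 3


def simulate(syns):
    """Run inbound SYNs to port 22 through the posted rule set.

    syns: iterable of (time_in_seconds, source_ip), in arrival order.
    Returns a list of (time, ip, verdict); verdict is "PASS" (the SYN
    fell through to whatever rules follow) or "REJECT" (logged and reset).
    """
    stamps = defaultdict(list)   # per-address timestamp list, as xt_recent keeps it
    verdicts = []
    for t, ip in syns:
        # Rule 1 (--set, no target): record this SYN and fall through. Rejected
        # SYNs are recorded too, which is what keeps a persistent source locked out.
        stamps[ip].append(t)
        # Rules 2 and 3 (--rcheck --seconds 120 --hitcount 3): count entries seen
        # within the trailing window; the packet just recorded is among them.
        hits = sum(1 for s in stamps[ip] if t - s <= WINDOW)
        verdict = "REJECT" if hits >= HITCOUNT else "PASS"
        verdicts.append((t, ip, verdict))
    return verdicts


# Constructed sample (addresses from the RFC 5737 documentation ranges):
# 198.51.100.7 hammers port 22 every 30 s; 203.0.113.5 is an admin who
# mistypes twice, retries too soon at t=100, then waits until t=150.
SAMPLE_SYNS = sorted(
    [(t, "198.51.100.7") for t in range(0, 301, 30)]
    + [(10, "203.0.113.5"), (20, "203.0.113.5"),
       (100, "203.0.113.5"), (150, "203.0.113.5")]
)


def verdicts_for(ip, syns=SAMPLE_SYNS):
    """Verdict sequence for one source address, in arrival order."""
    return [v for _, src, v in simulate(syns) if src == ip]


if __name__ == "__main__":
    for t, ip, v in simulate(SAMPLE_SYNS):
        print(f"t={t:3d}s  {ip:14s}  {v}")
```

Because only --syn packets are matched, established sessions are never affected; the source that keeps retrying every 30 s stays rejected because each rejected SYN refreshes its own window.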