Re: Security basics

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2007-10-04 at 10:12 -0400, Jacques B. wrote:
> I had SSH activated for a while on a box because I needed remote
> access to administer the web server (I was hosting a pretty basic site
> for some elementary school kids - kid friendly links).  I wrote a
> couple of scripts to carve out offending traffic in my logs and tag a
> standard paragraph to it advising the IP owner of malicious traffic
> originating from their network.  Some responded (most did) thanking me
> for advising them and stating that they would look into it.  Usually
> another infected machine as was pointed out in this thread.  Much like
> if someone was able to compromise your box and then use it to initiate
> attacks against other systems.  Your ISP would come to you telling you
> that they will take you off the grid until you correct the problem.
> 
> Jacques B.
> 

As an aside, I use fail2ban which allows me to set a threshold for
failed SSH access (and thresholds for other services as well).  Once the
threshold has been reached, the firewall is reconfigured to deny access
for as long as you'd like.  It allowed me leave keep my SSH port for
those applications that can't switch to another port and stopped every
brute force attack at the same time.

http://www.fail2ban.org/wiki/index.php/Main_Page

You can install it with yum too:  yum install fail2ban


Tom


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux