MLUG: Re: [MLUG] Lax security practices?
For those lucky enough to run Debian, I highly recommend installing
fail2ban.

If you have a publicly available SSH server, check your auth.log... I
find most such machines have (literally) a thousand or so failed login
attempts a day from bots searching for weak machines. fail2ban is a
great Debian package that uses an iptables blacklist to block any IP
with 4 or more failed attempts in some short time period from logging in
for the next 600 seconds.

apt-get install fail2ban

Daniel Nowlin wrote:

> WOW yes it is. I even run a service called sshblacklist on my server.
> It checks the security log (FC4) for any bad user/password and starts
> a count. When this count for this IP reaches a set number then it adds
> that IP to an IPTABLES block list. After a set number of days it then
> removes the IP.
>
> Dan
>
>
> Phillip Kelchen wrote:
>
>> Since I have found myself with two computers running Linux now (my
>> new desktop and my old laptop, both running SuSE 10.0, one 32-bit and
>> one 64-bit.) I have been working on networking the two so that I can
>> put the notes I take on the laptop on the desktop and print on the
>> desktop's printer from the laptop.
>> One thing I noticed was that I could ssh and login as root by default
>> to either machine with SSH1 or SSH2 (!!!) Doesn't this strike you as
>> a huge security loophole since this is set up this way out of the
>> box? It did for me- enough to hunt down how to properly configure
>> /etc/ssh/sshd_config to disable SSH1 and remote root logins. I would
>> have thought that sort of thing would (should) be disabled by default
>> as it is a security risk and only those who know what they are doing
>> would need to change it. SFTP and SSH to Bengal still work fine after
>> my changes, so I'd imagine that most people's SSHing to other boxes
>> and using SFTP would be unhindered too. You can still su to root on
>> the remote machine granted that you have a shell account and that
>> your account is in the sudoers group.
>>
>> I guess this kind of thing is how Linux boxes get hacked if they have
>> to allow SSH access to the Internet- brute force the root password
>> via SSH or force the connection to use SSH1 and crack that. SuSE is a
>> rather polished distribution and I guess that there are a lot of
>> new/inexperienced users that are running it totally unaware of the
>> security issue, like I was for the last 2 years. I was behind a
>> router that blocked incoming SSH, but...
>>
>> Phillip
>>
>
>

_______________________________________________
members mailing list
http://mlug.missouri.edu/mailman/listinfo/members
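The counting rule described in this thread (a handful of failed SSH logins from one address within a short window earns that address a temporary block) as an added Python illustration; this is not fail2ban's or sshblacklist's code. The auth.log lines, the hostname, the addresses and the assumed year 2006 are constructed, and the block only reports which addresses would be banned and when the ban would lift instead of touching iptables.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth.log excerpt (syslog format; real auth.log lines carry no year).
# 192.0.2.10 fails four times in seven seconds; 203.0.113.5 fails four times
# but fifteen minutes apart, which a 600-second window should not catch.
SAMPLE_AUTH_LOG = """\
Mar  3 10:00:01 bengal sshd[2101]: Failed password for root from 192.0.2.10 port 40111 ssh2
Mar  3 10:00:03 bengal sshd[2102]: Failed password for invalid user admin from 192.0.2.10 port 40112 ssh2
Mar  3 10:00:05 bengal sshd[2103]: Failed password for root from 192.0.2.10 port 40113 ssh2
Mar  3 10:00:06 bengal sshd[2104]: Accepted publickey for phillip from 198.51.100.7 port 50001 ssh2
Mar  3 10:00:08 bengal sshd[2105]: Failed password for invalid user oracle from 192.0.2.10 port 40114 ssh2
Mar  3 10:05:00 bengal sshd[2106]: Failed password for root from 203.0.113.5 port 41000 ssh2
Mar  3 10:20:00 bengal sshd[2107]: Failed password for root from 203.0.113.5 port 41001 ssh2
Mar  3 10:35:00 bengal sshd[2108]: Failed password for root from 203.0.113.5 port 41002 ssh2
Mar  3 10:50:00 bengal sshd[2109]: Failed password for root from 203.0.113.5 port 41003 ssh2
"""

# Matches OpenSSH's "Failed password" lines, with or without "invalid user".
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)

def parse_ts(ts, year=2006):
    """auth.log omits the year; assume one (constructed) so timestamps compare."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

def find_bans(log_text, maxretry=4, findtime=600, bantime=600):
    """Return [(ip, ban_start, ban_end)]: maxretry failures from one IP within
    findtime seconds earn a ban of bantime seconds (fail2ban-style semantics)."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    banned_until = {}             # ip -> when its current ban expires
    bans = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue              # accepted logins and unrelated lines are ignored
        ip, ts = m["ip"], parse_ts(m["ts"])
        if ip in banned_until and ts < banned_until[ip]:
            continue              # already blocked; nothing new to count
        window = recent[ip]
        window.append(ts)
        while window and (ts - window[0]).total_seconds() > findtime:
            window.popleft()      # slide the window: forget failures older than findtime
        if len(window) >= maxretry:
            bans.append((ip, ts, ts + timedelta(seconds=bantime)))
            banned_until[ip] = ts + timedelta(seconds=bantime)
            window.clear()
    return bans
```

Widening `findtime` to an hour makes the slow scanner at 203.0.113.5 trip the rule too, which is the knob to tune when bots pace their attempts to stay under the default window.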