MLUG: [MLUG] Re: Lax security practices?

> ... a service called sshblacklist on my server.
> ... apt-get install fail2ban

You can also write one yourself.
Mine does some slightly different things, but works on the same principle.

See http://www.archlug.org/kwiki/SimpleIntrusionDetection

It doesn't load up the iptables, but rather uses the /etc/hosts.deny
file to disable those IP addresses for any services.

iptables works at the kernel level, and is a little hard to manage.
/etc/hosts.deny can be used by applications (postfix, apache, etc.)
and, more importantly, is easier to understand than iptables commands.

I also heavily use the DenyUsers feature as well.

# Deny system users that would never login
DenyUsers root adm mysql postfix apache rpm news mail operator named games ftp ntp nobody halt shutdown sync daemon webalizer sshd gopher uucp vcsa smmsp lp bin www postgres webmaster lpd admin postmaster

And use only SSH2 and disallow root login as well.
If I need root, that's what "sudo" is for.

For more info on general firewalling: http://www.archlug.org/kwiki/FirewallKwikis

And for people who abuse my RSS feed, I have this solution:

http://www.archlug.org/kwiki/FeedAbuse

I also have pages on the kwiki itself that drive the list
of those blocked.

I have another one on the kwiki to ban IPs from the webserver.

Mike/
SSH isn't the only service that gets poked in ways you'd rather people not.
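
The "write one yourself" approach from the message above, as an added example (not part of the original post and not the script on the linked kwiki page): it counts failed SSH logins per source address and builds /etc/hosts.deny entries. The log lines are constructed, and the log format, threshold and allowlisted network are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the usual OpenSSH syslog format (not real traffic).
SAMPLE_LOG = """\
Mar  3 04:11:02 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 04:11:05 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Mar  3 04:11:09 host sshd[2101]: Failed password for invalid user x from 192.0.2.99 from 203.0.113.7 port 40114 ssh2
Mar  3 04:12:40 host sshd[2110]: Failed password for mike from 198.51.100.20 port 51514 ssh2
Mar  3 04:12:51 host sshd[2110]: Accepted password for mike from 198.51.100.20 port 51514 ssh2
Mar  3 04:13:00 host sshd[2115]: Failed password for root from 10.0.0.5 port 2222 ssh2
Mar  3 04:13:01 host sshd[2115]: Failed password for root from 10.0.0.5 port 2223 ssh2
Mar  3 04:13:02 host sshd[2115]: Failed password for root from 10.0.0.5 port 2224 ssh2
Mar  3 04:14:30 host sshd[2120]: Invalid user oracle from 192.0.2.50
"""

# The username is chosen by the client and may itself contain " from <ip>".
# The greedy ".*" plus the "$" anchor make the LAST "from" on the line win,
# which is the address sshd appended, not text supplied in the username.
FAIL_RE = re.compile(
    r"sshd\[\d+\]: (?:Failed password for|Invalid user) .* from (\S+)"
    r"(?: port \d+)?(?: ssh2)?$"
)
ALLOW = [ipaddress.ip_network("10.0.0.0/8")]  # assumed admin network, never blocked

def offenders(log_text, threshold=3, allow=ALLOW):
    """Return sorted IPv4 addresses with at least `threshold` failed logins."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.IPv4Address(m.group(1))  # IPv4 only in this example
        except ValueError:
            continue  # hostname or malformed value: never write it to the file
        if any(ip in net for net in allow):
            continue  # do not lock out your own network
        counts[str(ip)] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def hosts_deny_lines(ips, existing=""):
    """Build 'ALL: <ip>' lines, skipping addresses already in hosts.deny text."""
    have = set(existing.split())
    return [f"ALL: {ip}" for ip in ips if ip not in have]
```

/etc/hosts.deny only affects services built against TCP wrappers (libwrap), so check that the daemon you want to protect actually consults it.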