Re: fail2ban VS. denyhost

Author: techlists@phpcoderusa.com
Date:  
To: Main PLUG discussion list
Subject: Re: fail2ban VS. denyhost


I use iptables to protect ssh. Should I be using hosts.allow instead?
How does hosts.allow differ from using iptables to deny all IPs to a
specific port except for the IPs you want to give access?

Keith


On 2014-10-15 15:52, jill wrote:
> I would point out that fail2ban is a script that scours auth.log (as
> root) for failed authentications, parses out the source host field,
> then runs iptables (as root) to add rules for that host. Especially
> in light of things like Shellshock, think what an attacker could do
> with a crafted packet that caused that log line to include malicious
> commands in the host field. You're better off properly hardening sshd
> itself.
>
> Whitelist in hosts.allow client IPs/domains you will be connecting
> from and block all others if at all possible.
> Set your sshd_config to:
> Never ever allow root login. Ever.
> Whitelist explicitly what users/groups can connect on ssh.
> Disable password-based auth and use keys, protect the heck out of your
> private key.
>
> -Jill
>
>
> On 2014-10-15 17:10, Stephen M wrote:
>> I am trying to learn about ssh and remoting into a computer from out
>> of my house. I have all the ability to do this but I want to make sure my
>> desktop is secured. I will basically be either using resources on my
>> desktop or backing up files to my laptop.
>>
>> From what I have read, denyhosts and fail2ban are the same, the only
>> difference is fail2ban requires more maintenance and has more options.
>> If I am just trying to turn my desktop into a file server, what's the best
>> option here?
>>
>> --
>> Stephen Melheim
>> 602-400-7707
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list -
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>

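
Jill's point about a root process acting on the host field of a log line, shown from the defensive side as an added example (not part of the original thread and not fail2ban's own code): the source field is accepted only if it parses as an IP address, and the firewall command is built as an argument list so no shell ever interprets it. The log lines, regex, threshold and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample auth.log lines (not from the thread). The third one has
# shell metacharacters where the source address should be.
SAMPLE_LOG = [
    "Oct 15 15:50:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2",
    "Oct 15 15:50:04 host sshd[1201]: Failed password for root from 2001:db8::5 port 40022 ssh2",
    "Oct 15 15:50:09 host sshd[1207]: Failed password for invalid user x from 203.0.113.9;id port 4000 ssh2",
    "Oct 15 15:50:12 host sshd[1209]: Accepted publickey for keith from 192.0.2.10 port 50000 ssh2",
]

# Greedy ".*" plus the end anchor means the LAST "from X port N ssh2" is used,
# so text placed in the username cannot stand in for the source field.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")

def extract_source(line):
    """Return the validated source address of a failed login, or None."""
    match = FAILED.search(line)
    if not match:
        return None
    try:
        # Only a string that parses as IPv4/IPv6 is accepted; hostnames and
        # anything carrying metacharacters are dropped, never passed on.
        return ipaddress.ip_address(match.group(1))
    except ValueError:
        return None

def ban_argv(addr):
    """Build the firewall command as an argv list (never a shell string)."""
    tool = "ip6tables" if addr.version == 6 else "iptables"
    return [tool, "-I", "INPUT", "-s", str(addr),
            "-p", "tcp", "--dport", "22", "-j", "DROP"]

def plan_bans(lines, threshold=1):
    """Count failures per validated address; return one argv per offender."""
    counts = {}
    for line in lines:
        addr = extract_source(line)
        if addr is not None:
            counts[addr] = counts.get(addr, 0) + 1
    return [ban_argv(a) for a, n in counts.items() if n >= threshold]

if __name__ == "__main__":
    for argv in plan_bans(SAMPLE_LOG):
        print(argv)  # would go to subprocess.run(argv), i.e. without a shell
```
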