Re: fail2ban VS. denyhost

Author: jill
Date:  
To: Plug Discuss
CC: JD Austin
Subject: Re: fail2ban VS. denyhost
In the case of ssh, either way you're more comfortable with is fine. The general idea is just to whitelist allowed hosts/netblocks as opposed to playing whack-a-mole with blacklisting à la the fail2ban approach.

-Jill


On 2014-10-15 21:50, JD Austin wrote:
> From what I remember, hosts.allow and hosts.deny only work with services
> that use TCP Wrappers.
> You can use the ldd command to determine if libwrap is compiled into a
> daemon:
> sudo ldd /usr/sbin/sshd | grep wrap
>
> For me ssh has libwrap compiled in, so I could use either iptables or
> /etc/hosts.deny to block access.
>
> -- JD Austin
> Voice: 480.269.4335 (480 2MY Geek)
>
>
>
> On Wed, Oct 15, 2014 at 2:05 PM, <> wrote:
>
> >
> >
> > I use iptables to protect ssh. Should I be using hosts.allow instead? How
> > does hosts.allow differ from using iptables to deny all IPs to a specific
> > port except for the IPs you want to give access?
> >
> > Keith
> >
> >
> >
> > On 2014-10-15 15:52, jill wrote:
> >
> >> I would point out that fail2ban is a script that scours auth.log (as
> >> root) for failed authentications, parses out the source host field,
> >> then runs iptables (as root) to add rules for that host. Especially
> >> in light of things like Shellshock, think what an attacker could do
> >> with a crafted packet that caused that log line to include malicious
> >> commands in the host field. You're better off properly hardening sshd
> >> itself.
> >>
> >> Whitelist in hosts.allow the client IPs/domains you will be connecting
> >> from and block all others if at all possible.
> >> Set your sshd_config to:
> >> Never ever allow root login. Ever.
> >> Whitelist explicitly what users/groups can connect on ssh.
> >> Disable password-based auth and use keys, protect the heck out of your
> >> private key.
> >>
> >> -Jill
> >>
> >>
> >> On 2014-10-15 17:10, Stephen M wrote:
> >>
> >>> I am trying to learn about ssh and remoting into a computer from out of
> >>> my house. I have all the ability to do this but I want to make sure my
> >>> desktop is secured. I will basically be either using resources on my
> >>> desktop or backing up files to my laptop.
> >>>
> >>> From what I have read, denyhosts and fail2ban are the same; the only
> >>> difference is fail2ban requires more maintenance and has more options.
> >>> If I am just trying to turn my desktop into a file server, what's the
> >>> best option here?
> >>>
> >>> --
> >>> Stephen Melheim
> >>> 602-400-7707
> >>>
> >>> ---------------------------------------------------
> >>> PLUG-discuss mailing list -
> >>> To subscribe, unsubscribe, or to change your mail settings:
> >>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
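
The sshd_config items in the hardening list quoted above (no root login, an explicit user/group whitelist, no password auth) can be checked mechanically. The following is an added example, not code from anyone in the thread; the function names and both sample configurations are constructed for illustration, and it only inspects the global section of the file.

```python
# Added example; names and sample configs are constructed, not from the thread.
REQUIRED = {"permitrootlogin": "no", "passwordauthentication": "no"}

def effective_global_options(config_text):
    """Global sshd_config options as sshd resolves them: keywords are
    case-insensitive, the FIRST value seen wins, Match blocks are conditional."""
    options = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        if keyword == "match":
            break  # everything below applies only to matching connections
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        options.setdefault(keyword, value)  # a later duplicate is ignored
    return options

def audit(config_text):
    """Return findings for the three sshd_config items in the hardening list."""
    opts = effective_global_options(config_text)
    findings = []
    for keyword, wanted in REQUIRED.items():
        actual = opts.get(keyword)
        if actual is None:
            findings.append(f"{keyword}: not set, relies on the built-in default")
        elif actual.lower() != wanted:
            findings.append(f"{keyword}: is '{actual}', expected '{wanted}'")
    if "allowusers" not in opts and "allowgroups" not in opts:
        findings.append("allowusers/allowgroups: no explicit user or group whitelist")
    return findings

WEAK = """# constructed sample: duplicate keyword plus a Match block
PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication yes
Match Address 192.0.2.0/24
    PasswordAuthentication no
"""

HARDENED = """# constructed sample
PermitRootLogin no
PasswordAuthentication no
AllowUsers backupuser
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "ok")
```

On a live host, `sshd -T` prints the configuration sshd actually resolved, which is the authoritative input for a check like this.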