fail2ban VS. denyhost
jill
lists at bespokess.com
Wed Oct 15 13:52:01 MST 2014
I would point out that fail2ban is a script that scours auth.log (as root) for failed authentications, parses out the source host field, then runs iptables (as root) to add rules for that host. Especially in light of things like shell shock, think what an attacker could do with a crafted packet that caused that log line to include malicious commands in the host field. You're better off properly hardening sshd itself.
White list in hosts.allow client ips/domains you will be connecting from and block all others if at all possible.
Set your sshd_config to:
Never ever allow root login. Ever.
Whitelist explicitly what users/groups can connect on ssh.
Disable password-based auth and use keys, protect the heck out of your private key.
-Jill
On 2014-10-15 17:10, Stephen M wrote:
> I am trying to learn about ssh and remoting into a computer from out of my
> house. I have all the ability to do this but I want to make sure my
> desktop is secured. I will basically be either using resources on my
> desktop or backing up files to my laptop.
>
> From what I have read. denyhosts and fail2ban are the same, the only
> difference is fail2ban requires more maintenance and has more options. If
> I am just trying to turn my desktop into a file server whats the best
> option here?
>
> --
> Stephen Melheim
> 602-400-7707
> SMelheim85 at gmail.com
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
More information about the PLUG-discuss
mailing list