fail2ban VS. denyhost
techlists at phpcoderusa.com
Wed Oct 15 14:05:59 MST 2014
I use IPTables to protect ssh. Should I be using hosts.allow instead?
How does hosts.allow differ from using IPTables to deny all IPs to a
specific port except for the IPs you want to give access?
Keith
On 2014-10-15 15:52, jill wrote:
> I would point out that fail2ban is a script that scours auth.log (as
> root) for failed authentications, parses out the source host field,
> then runs iptables (as root) to add rules for that host. Especially
> in light of things like shell shock, think what an attacker could do
> with a crafted packet that caused that log line to include malicious
> commands in the host field. You're better off properly hardening sshd
> itself.
>
> White list in hosts.allow client ips/domains you will be connecting
> from and block all others if at all possible.
> Set your sshd_config to:
> Never ever allow root login. Ever.
> Whitelist explicitly what users/groups can connect on ssh.
> Disable password-based auth and use keys, protect the heck out of your
> private key.
>
> -Jill
>
>
> On 2014-10-15 17:10, Stephen M wrote:
>> I am trying to learn about ssh and remoting into a computer from out
>> of my house. I have all the ability to do this but I want to make
>> sure my desktop is secured. I will basically be either using
>> resources on my desktop or backing up files to my laptop.
>>
>> From what I have read, denyhosts and fail2ban are the same, the only
>> difference is fail2ban requires more maintenance and has more options.
>> If I am just trying to turn my desktop into a file server what's the
>> best option here?
>>
>> --
>> Stephen Melheim
>> 602-400-7707
>> SMelheim85 at gmail.com
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
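The sshd_config advice quoted above (no root login, an explicit user/group allowlist, keys instead of passwords), turned into a check as an added example that is not part of the original thread. Mapping those points to the OpenSSH keywords PermitRootLogin, AllowUsers/AllowGroups and PasswordAuthentication/PubkeyAuthentication is an assumption made here, as are the sample configs and the user name alice; Include files are not followed.

```python
# Constructed samples, not taken from a real host.
WEAK = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""
HARDENED = """\
PermitRootLogin no
PasswordAuthentication no
AllowUsers alice
# A later duplicate is ignored: sshd keeps the first value it reads.
PermitRootLogin yes
"""
REQUIRED = {"permitrootlogin": "no", "passwordauthentication": "no"}

def parse(text):
    """Return (global_cfg, overrides): first-wins global keywords and Match-block lines."""
    global_cfg, overrides, in_match = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if key == "match":
            in_match = True
        elif in_match:
            overrides.append((key, value))
        else:
            global_cfg.setdefault(key, value)  # first value wins
    return global_cfg, overrides

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    cfg, overrides = parse(text)
    findings = []
    for key, want in REQUIRED.items():
        # An unset keyword is reported too: this check wants it set explicitly.
        if cfg.get(key) != want:
            findings.append(f"{key} is not '{want}' globally")
        if any(k == key and v != want for k, v in overrides):
            findings.append(f"{key} is relaxed inside a Match block")
    if cfg.get("pubkeyauthentication", "yes") != "yes":
        findings.append("pubkeyauthentication is disabled")
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("no allowusers/allowgroups allowlist")
    return findings
```

On a live host, `sshd -T` prints the effective configuration, which can be compared against the same three points.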