fail2ban VS. denyhost

jill lists at bespokess.com
Thu Oct 16 04:42:27 MST 2014


In the case of ssh, whichever way you're more comfortable with is fine.  The general idea is just to whitelist allowed hosts/netblocks as opposed to playing whack-a-mole with blacklisting à la the fail2ban approach.

-Jill


On 2014-10-15 21:50, JD Austin wrote:
> From what I remember hosts.allow and hosts.deny only work with services
> that use TCP Wrappers.
> You can use the ldd command to determine if libwrap is compiled into a
> daemon:
> sudo ldd /usr/sbin/sshd | grep wrap
> 
> For me ssh has libwrap compiled in so I could use either iptables or
> /etc/hosts.deny to block access.
> 
> -- JD Austin
> Voice: 480.269.4335 (480 2MY Geek)
> jd at twingeckos.com
> 
> 
> On Wed, Oct 15, 2014 at 2:05 PM, <techlists at phpcoderusa.com> wrote:
> 
> >
> >
> > I use iptables to protect ssh.  Should I be using hosts.allow instead?  How
> > does hosts.allow differ from using iptables to deny all IPs to a specific
> > port except for the IPs you want to give access?
> >
> > Keith
> >
> >
> >
> > On 2014-10-15 15:52, jill wrote:
> >
> >> I would point out that fail2ban is a script that scours auth.log (as
> >> root) for failed authentications, parses out the source host field,
> >> then runs iptables (as root) to add rules for that host.  Especially
> >> in light of things like Shellshock, think what an attacker could do
> >> with a crafted packet that caused that log line to include malicious
> >> commands in the host field.  You're better off properly hardening sshd
> >> itself.
> >>
> >> Whitelist in hosts.allow client IPs/domains you will be connecting
> >> from and block all others if at all possible.
> >> Set your sshd_config to:
> >> Never ever allow root login.  Ever.
> >> Whitelist explicitly what users/groups can connect on ssh.
> >> Disable password-based auth and use keys, protect the heck out of your
> >> private key.
> >>
> >> -Jill
> >>
> >>
> >> On 2014-10-15 17:10, Stephen M wrote:
> >>
> >>> I am trying to learn about ssh and remoting into a computer from out of
> >>> my house.  I have all the ability to do this but I want to make sure my
> >>> desktop is secured.  I will basically be either using resources on my
> >>> desktop or backing up files to my laptop.
> >>>
> >>> From what I have read, denyhosts and fail2ban are the same, the only
> >>> difference is fail2ban requires more maintenance and has more options.
> >>> If I am just trying to turn my desktop into a file server what's the best
> >>> option here?
> >>>
> >>> --
> >>> Stephen Melheim
> >>> 602-400-7707
> >>> SMelheim85 at gmail.com
> >>> ---------------------------------------------------
> >>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> >>> To subscribe, unsubscribe, or to change your mail settings:
> >>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> >>>
> >>
> >>
> >>
> >
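
The sshd_config recommendations quoted above (no root login, an explicit user/group whitelist, no password auth) can be checked mechanically. This is an added example, not part of the original thread; the function names, the user name and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings listed in the thread.

# Print the global value of KEYWORD. sshd keeps the first value it reads for a
# keyword, matches keywords case-insensitively (arguments are case-sensitive),
# and the global section ends at the first Match block.
sshd_value() {  # usage: sshd_value KEYWORD FILE
    awk -v key="$1" '
        /^[ \t]*(#|$)/ { next }             # skip comments and blank lines
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$2"
}

# Return the number of failed checks (0 = all three recommendations are met).
# An unset keyword counts as a failure: the audit wants the setting explicit.
audit_sshd_config() {  # usage: audit_sshd_config FILE
    fails=0
    root=$(sshd_value PermitRootLogin "$1")
    pass=$(sshd_value PasswordAuthentication "$1")
    allow=$(sshd_value AllowUsers "$1")$(sshd_value AllowGroups "$1")
    [ "$root" = "no" ] || { echo "FAIL PermitRootLogin=${root:-unset}"; fails=$((fails + 1)); }
    [ "$pass" = "no" ] || { echo "FAIL PasswordAuthentication=${pass:-unset}"; fails=$((fails + 1)); }
    [ -n "$allow" ] || { echo "FAIL no AllowUsers/AllowGroups whitelist"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample configs (not from the thread). The weak one hides its
# problems behind a commented-out line, a later duplicate and a Match block.
weak_config() {
    printf '%s\n' '# PermitRootLogin no' 'PermitRootLogin yes' \
        'permitrootlogin no' 'Match User backup' 'PasswordAuthentication no'
}
hardened_config() {
    printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' \
        'AllowUsers alice'
}

tmp=$(mktemp)
weak_config > "$tmp"
audit_sshd_config "$tmp" || echo "weak config: $? check(s) failed"
hardened_config > "$tmp"
audit_sshd_config "$tmp" && echo "hardened config: all checks passed"
rm -f "$tmp"
```

On a live host, `sshd -T` prints the effective configuration after includes and defaults are applied, which is a better input for the same checks than the raw file.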
