fail2ban VS. denyhost
Stephen M
smelheim85 at gmail.com
Thu Oct 16 14:24:19 MST 2014
I did the command and it failed. So TCP wrapper is not being used. So I
would need to compile that first. Also would it be a good idea to put
/etc/hosts.deny to all so it would deny all users. And explicitly allow an
IP address.
On Oct 15, 2014 2:50 PM, "JD Austin" <jd at twingeckos.com> wrote:
> From what I remember hosts.allow and hosts.deny only work with services
> that use TCP Wrappers.
> You can use the ldd command to determine if libwrap is compiled into a
> daemon:
> sudo ldd /usr/sbin/sshd | grep wrap
>
> For me ssh has libwrap compiled in so I could use either iptables or
> /etc/hosts.deny to block access.
>
> -- JD Austin
> Voice: 480.269.4335 (480 2MY Geek)
> jd at twingeckos.com
>
>
> On Wed, Oct 15, 2014 at 2:05 PM, <techlists at phpcoderusa.com> wrote:
>
>>
>>
>> I use IPTable to protect ssh. Should I be using hosts.allow instead?
>> How does hosts.allow differ from using IPTables to deny all IP's to a
>> specific port except for the IP's you want to give access?
>>
>> Keith
>>
>>
>>
>> On 2014-10-15 15:52, jill wrote:
>>
>>> I would point out that fail2ban is a script that scours auth.log (as
>>> root) for failed authentications, parses out the source host field,
>>> then runs iptables (as root) to add rules for that host. Especially
>>> in light of things like shell shock, think what an attacker could do
>>> with a crafted packet that caused that log line to include malicious
>>> commands in the host field. You're better off properly hardening sshd
>>> itself.
>>>
>>> White list in hosts.allow client ips/domains you will be connecting
>>> from and block all others if at all possible.
>>> Set your sshd_config to:
>>> Never ever allow root login. Ever.
>>> Whitelist explicitly what users/groups can connect on ssh.
>>> Disable password-based auth and use keys, protect the heck out of your
>>> private key.
>>>
>>> -Jill
>>>
>>>
>>> On 2014-10-15 17:10, Stephen M wrote:
>>>
>>>> I am trying to learn about ssh and remoting into a computer from out of
>>>> my house. I have all the ability to do this but I want to make sure my
>>>> desktop is secured. I will basically be either using resources on my
>>>> desktop or backing up files to my laptop.
>>>>
>>>> From what I have read, denyhosts and fail2ban are the same, the only
>>>> difference is fail2ban requires more maintenance and has more options.
>>>> If I am just trying to turn my desktop into a file server what's the best
>>>> option here?
>>>>
>>>> --
>>>> Stephen Melheim
>>>> 602-400-7707
>>>> SMelheim85 at gmail.com
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>
>>
>
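As an added example (not part of any poster's message), the following POSIX shell script audits the points raised in this thread: the ldd check for libwrap, the three sshd_config settings, and a default-deny hosts.deny paired with an explicit hosts.allow entry. The function names, the sample files, the user name alice and the address 192.0.2.10 are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Limits: Include files are not followed
# and only the global section (before the first "Match") is read.

# Effective value of a keyword, lower-cased. sshd uses the FIRST occurrence.
sshd_value() {  # usage: sshd_value FILE KEYWORD
    awk -v key="$2" '
        { sub(/#.*/, "") }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print tolower($0); exit }
    ' "$1"
}

# The ldd check from the thread: is this binary linked against libwrap?
uses_libwrap() { ldd "$1" 2>/dev/null | grep -q libwrap; }

# Returns the number of findings (0 means every check passed).
audit_ssh() {  # usage: audit_ssh SSHD_CONFIG HOSTS_DENY HOSTS_ALLOW
    n=0
    for kw in PermitRootLogin PasswordAuthentication; do
        v=$(sshd_value "$1" "$kw")
        [ "$v" = "no" ] || { echo "FAIL $kw is '${v:-unset}', want 'no'"; n=$((n + 1)); }
    done
    [ -n "$(sshd_value "$1" AllowUsers)$(sshd_value "$1" AllowGroups)" ] ||
        { echo "FAIL no AllowUsers/AllowGroups whitelist"; n=$((n + 1)); }
    # TCP Wrappers: default deny plus an explicit sshd entry (exact-case match).
    grep -Eq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL[[:space:]]*$' "$2" ||
        { echo "FAIL $2: no 'ALL: ALL' default deny"; n=$((n + 1)); }
    grep -Eq '^[[:space:]]*sshd[[:space:]]*:' "$3" ||
        { echo "FAIL $3: no sshd entry, default deny would block every client"; n=$((n + 1)); }
    return "$n"
}

# Constructed samples; the user name and 192.0.2.10 (documentation range) are made up.
write_samples() {  # usage: write_samples DIR
    printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' 'PermitRootLogin no' \
        'PasswordAuthentication yes' > "$1/weak_sshd"
    printf '%s\n' 'permitrootlogin no' 'PasswordAuthentication no # keys only' \
        'AllowUsers alice' > "$1/hard_sshd"
    : > "$1/empty"
    printf 'ALL: ALL\n' > "$1/hosts.deny"
    printf 'sshd: 192.0.2.10\n' > "$1/hosts.allow"
}

# Demo on the constructed samples when the script is run directly.
d=$(mktemp -d) && write_samples "$d"
audit_ssh "$d/weak_sshd" "$d/empty" "$d/empty" || echo "weak sample: $? finding(s)"
audit_ssh "$d/hard_sshd" "$d/hosts.deny" "$d/hosts.allow" && echo "hard sample: clean"
rm -rf "$d"
```

Run `uses_libwrap /usr/sbin/sshd` before trusting the hosts.deny and hosts.allow results: when it fails, as reported at the top of this message, those two files have no effect on sshd and the filtering has to be done in iptables.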