List Archive: gentoo-security
To: gentoo-security@g.o
From: Dark <dark@...>
Subject: Re: hackers
Date: Tue, 11 Oct 2005 15:21:13 +0200
For the task of banning people trying to force their way into my server 
I use the following combination:

portsentry + logwatch (and a bit of iptables to restrict access to 
certain servers to certain clients).

portsentry will monitor certain ports and check for known attacks (the 
SSH attack and port scan is among those) and given some rules it will 
put the IP/hostname into the /etc/hosts.deny file and thus make sure 
that they won't be able to gain access to the machine (with some other 
techniques they won't even be able to SEE the machine!).

logwatch mails me a summary of the most important logs every day (I've 
set my system to do it around midnight - just after my logsystem changes 
logfile). So I know how much diskspace is left, how much bandwidth I've 
used for the day, how many SSH login attempts there were (successful, 
unsuccessful and which accounts were tried), etc.

Angel ~ # emerge -s portsentry
Searching...
[ Results for search key : portsentry ]
[ Applications found : 1 ]

*  net-analyzer/portsentry
      Latest version available: 1.2
      Latest version installed: [ Not Installed ]
      Size of downloaded files: 46 kB
      Homepage:    http://sourceforge.net/projects/sentrytools/
      Description: Automated port scan detector and response tool
      License:     GPL-2


Angel ~ # emerge -s logwatch
Searching...
[ Results for search key : logwatch ]
[ Applications found : 3 ]

...
*  sys-apps/logwatch
      Latest version available: 6.0.2
      Latest version installed: 6.0.2
      Size of downloaded files: 149 kB
      Homepage:    http://www.logwatch.org/
      Description: Analyzes and Reports on system logs
      License:     MIT
...


This is nice and stable - if you configure your portsentry a bit 
(remember to add your own IP as an exception - otherwise you MIGHT just 
lock yourself out of the box if you do some security auditing ;-) ).

Just my .02 on this subject. I've been using this for a while - and it 
definitely does what it's supposed to do!

/Jakob Rosenlund

woody wrote:

> Jochen Maes wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hey all,
>>
>>
>> ok, one of my servers keeps on getting one IP range that tries to
>> log in through ssh (200-300 attempts) with other usernames.
>> This is probably a script that's being run all the time, but the ISP
>> doesn't mind; I already sent my logs and my complaints and I don't
>> get any response.
>> Is there something like hackerwatch that I can send those logs to
>> (preferably automatically) when this happens?
>> I've blocked the range now so it isn't a problem, but I hate it that the ISP
>> does nothing against it.
>
>
> have a look to fail2ban..
>
> diabolo prod # emerge -s fail2ban
> Searching...
> [ Results for search key : fail2ban ]
> [ Applications found : 1 ]
>
> *  net-firewall/fail2ban
>       Latest version available: 0.5.4
>       Latest version installed: 0.5.4
>       Size of downloaded files: 18 kB
>       Homepage:    http://sourceforge.net/projects/fail2ban
>       Description: Bans IP that make too many password failures
>       License:     GPL-2
>
>>
>> greetings,
>>
>> SeJo
>>
>> - --
>> "Defer no time, delays have dangerous ends"
>>
>> Jochen Maes                     Gentoo Linux
>> Gentoo Belgium
>> http://sejo.be
>> http://gentoo.be
>> http://gentoo.org
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.2 (GNU/Linux)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>>
>> iD8DBQFDSjnYMXMsRNMHhmARAoXVAJ92bRcBAO04hIUk2VgBOcpm1gm9cgCgmNHe
>> ZPNqAHab5fXLdx11vdod5rc=
>> =35Kg
>> -----END PGP SIGNATURE-----
>>
>
-- 
gentoo-security@g.o mailing list
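The two things Jakob's setup does by hand with portsentry and logwatch (count failed SSH logins per source and per account, then write the offenders into /etc/hosts.deny while sparing your own address) can be shown in a few lines. The following is an added example written for this archive page; it is not code from the original post, from portsentry, from logwatch or from fail2ban. It assumes standard OpenSSH syslog lines ("Failed password for ... from ... port ... ssh2"); the log sample, the threshold of 3 failures and the 192.0.2.0/24 whitelist are all constructed for the example.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample sshd log lines (syslog format). These are made up for the
# example and are not taken from the original post or from any real server.
SAMPLE_LOG = """\
Oct 11 14:02:11 angel sshd[4021]: Invalid user oracle from 203.0.113.45
Oct 11 14:02:11 angel sshd[4021]: Failed password for invalid user oracle from 203.0.113.45 port 51022 ssh2
Oct 11 14:02:13 angel sshd[4023]: Failed password for invalid user test from 203.0.113.45 port 51030 ssh2
Oct 11 14:02:15 angel sshd[4025]: Failed password for root from 203.0.113.45 port 51041 ssh2
Oct 11 14:02:17 angel sshd[4027]: Failed password for invalid user admin from 203.0.113.45 port 51049 ssh2
Oct 11 14:05:30 angel sshd[4102]: Failed password for jakob from 192.0.2.10 port 40110 ssh2
Oct 11 14:05:32 angel sshd[4102]: Failed password for jakob from 192.0.2.10 port 40110 ssh2
Oct 11 14:05:34 angel sshd[4102]: Failed password for jakob from 192.0.2.10 port 40110 ssh2
Oct 11 14:05:36 angel sshd[4102]: Failed password for jakob from 192.0.2.10 port 40110 ssh2
Oct 11 14:05:40 angel sshd[4102]: Accepted publickey for jakob from 192.0.2.10 port 40110 ssh2
Oct 11 14:07:01 angel sshd[4130]: Failed password for root from 198.51.100.7 port 2222 ssh2
Oct 11 14:07:02 angel sshd[4130]: Failed password for root from 198.51.100.7 port 2222 ssh2
Oct 11 14:07:03 angel sshd[4130]: Failed password for root from 198.51.100.7 port 2222 ssh2
Oct 11 14:07:04 angel sshd[4130]: Failed password for root from 198.51.100.7 port 2222 ssh2
Oct 11 14:07:05 angel sshd[4130]: Failed password for root from 198.51.100.7 port 2222 ssh2
Oct 11 14:07:06 angel sshd[4130]: Connection closed by 198.51.100.7
"""

# Matches OpenSSH "Failed <method> for [invalid user] <user> from <ip>" and the
# matching "Accepted ..." line. Lines that are neither (e.g. "Connection closed")
# are ignored.
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


def parse_sshd(lines):
    """Yield (result, user, ip) for every recognised sshd authentication line."""
    for line in lines:
        m = SSHD_RE.search(line)
        if m:
            yield m.group("result"), m.group("user"), m.group("ip")


def summarize(lines):
    """Aggregate failures per source IP and per account, plus successful logins.

    This is the information the daily logwatch sshd section gives you: how
    many attempts, which accounts were tried, and who actually got in.
    """
    failed_by_ip = Counter()
    failed_by_user = Counter()
    accepted = defaultdict(list)   # user -> list of source IPs that logged in
    for result, user, ip in parse_sshd(lines):
        if result == "Failed":
            failed_by_ip[ip] += 1
            failed_by_user[user] += 1
        else:
            accepted[user].append(ip)
    return failed_by_ip, failed_by_user, accepted


def ban_candidates(failed_by_ip, threshold, whitelist):
    """Return the sorted IPs with at least `threshold` failures that are not
    inside any whitelisted network.

    The whitelist is the "add your own IP as an exception" step from the post:
    without it, auditing your own box from the admin workstation would ban you.
    """
    nets = [ipaddress.ip_network(n) for n in whitelist]
    banned = []
    for ip, count in failed_by_ip.items():
        if count < threshold:
            continue
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in nets):
            continue
        banned.append(ip)
    return sorted(banned)


def hosts_deny_lines(ips, daemon="ALL"):
    """Format entries in hosts.deny(5) syntax ("daemon_list : client_list")."""
    return [f"{daemon}: {ip}" for ip in ips]


if __name__ == "__main__":
    by_ip, by_user, accepted = summarize(SAMPLE_LOG.splitlines())
    print("failed logins per source:", dict(by_ip))
    print("accounts tried:", dict(by_user))
    print("successful logins:", dict(accepted))
    # Threshold and whitelist are assumptions for this example.
    for entry in hosts_deny_lines(ban_candidates(by_ip, 3, ["192.0.2.0/24"])):
        print(entry)
```

Two caveats worth keeping in mind when wiring something like this to a real hosts.deny: the whitelist matters more than the threshold (the admin's own 192.0.2.10 has more failures than the 203.0.113.45 scanner here and is only spared because of it), and hosts.deny is consulted only by services that go through tcp wrappers (libwrap). Anything listening that does not, still needs the iptables rule Jakob mentions.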


References:
hackers
-- Jochen Maes
Re: hackers
-- woody
Updated Jun 17, 2009