1 |
Steve schrieb: |
2 |
> I can't believe that I'm the only person with this, so it's probably |
3 |
> worth asking. |
4 |
> |
5 |
> I'm one of the (many) people who has opportunists trying usernames and |
6 |
> passwords against SSH... while every effort has been made to secure |
7 |
> this service by configuration; strong passwords; no root login |
8 |
> remotely etc. I would still prefer to block sites using obvious |
9 |
> dictionary attacks against me. |
10 |
> |
11 |
> I used to use DenyHosts - but that became annoying as it used rather a |
12 |
> lot of resources (and relied upon tcp wrappers... which, I'm informed |
13 |
> are somewhat old-fashioned) |
14 |
> |
15 |
> I migrated to try using iptables as my firewall and using blacklist.py |
16 |
> - which I got working after some minor config-tweaking. I'm aware |
17 |
> that there is configuration in the blacklist.py script for |
18 |
> BLOCKING_PERIOD - but what I really miss the "blocked forever" nature |
19 |
> of the DenyHosts alternative.... though I prefer every other aspect of |
20 |
> the iptables/blacklist.py approach. |
21 |
> |
22 |
> Has anyone else resolved this? As far as I'm concerned, once I detect |
23 |
> someone has attempted a brute force (which blaclist.py does |
24 |
> fantastically well) what I want is for no further communication to be |
25 |
> accepted from the IP address - even after I reboot etc. While I don't |
26 |
> know which sites I want to be accessible from in advance, I can be |
27 |
> sure none of them would launch a brute force attack against me. :-) |
28 |
> |
29 |
> Recommendations? |
30 |
> |
31 |
> I'm looking for the neatest Gentoo way to do this... rather than |
32 |
> recommendations for how to write something to do what I want from |
33 |
> scratch... |
34 |
> |
35 |
> Steve |
36 |
> |
37 |
|
38 |
Try fail2ban. I started as newby on iptables and I still am, because it |
39 |
is very easy to configure and does it job perfect. |
40 |
|
41 |
http://gentoo-wiki.com/HOWTO_fail2ban |
42 |
http://www.fail2ban.org/wiki/index.php/Main_Page |
43 |
-- |
44 |
gentoo-user@l.g.o mailing list |