Andrew Libby on 23 Mar 2009 05:56:21 -0700
Douglas Muth wrote:
>
> Speaking of "must have" packages for servers, I'm a big fan of fail2ban, myself:
>
> fail2ban - bans IPs that cause multiple authentication errors
>
> By default, installing fail2ban via apt-get will also include a
> configuration that drops traffic from a remote host after 6 failed SSH
> attempts. This was a godsend when some host from China kept trying to
> log into one of my machines every 10 seconds. The installation
> process started the daemon, and 6 login attempts later, all traffic
> from that host was dropped via iptables.
>

Can anyone speak to denyhosts, and how fail2ban and denyhosts
stack up to each other? Anecdotally,

Don't become complacent when using tools like these. Strong
passwords and otherwise appropriate firewalling are important.
Last year there was at least one discussion on the list here
about distributed password attacks.

Secure versus insecure passwords can require orders of
magnitude difference in the number of attempts before a
cracked password. The difference between six and even a
single request using fail2ban or denyhosts is not even a
single order of magnitude. It's a mere factor of six.

To be safest use several approaches.

o Don't permit root logins
o Only allow a select subset of users to log in via
  public services. Exclude system users or other users
  that don't need interactive logins.
o If possible, disallow password authentication altogether.
o And use tools like fail2ban or denyhosts as well as
  good firewall policy.

Sorry if I sound preachy. I got complacent recently and
got bitten.

Best luck to all!

Andy

--
===============================================
Tangeis, LLC
Andrew Libby
alibby@tangeis.com
www.tangeis.com
610-761-1991
===============================================
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
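
An added example, not part of the original message: a small Python check of the global section of an sshd_config against the first three items in the list above (root logins, restricting which users may log in, password authentication). The sample configs and user names are constructed, and Match blocks are not evaluated.

```python
# Added example: the sample configs and user names below are constructed.
CHECKS = {
    "permitrootlogin": "root logins are permitted",
    "passwordauthentication": "password authentication is enabled",
}

def parse_global(text):
    """Map lowercased keyword -> value for the global section of sshd_config.
    Keywords are case-insensitive, sshd keeps the first value it reads for
    these keywords, and a Match line ends the global section."""
    seen = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        if key == "match":
            break  # conditional blocks are not evaluated here
        seen.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return seen

def audit(text):
    """Return a list of findings; an empty list means all three items are met."""
    cfg = parse_global(text)
    findings = []
    for key, problem in CHECKS.items():
        value = cfg.get(key)
        if value is None:
            findings.append(f"{key}: not set, the sshd default applies")
        elif value.lower() != "no":
            findings.append(f"{key}: {problem} ({value})")
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("allowusers: no AllowUsers/AllowGroups restriction")
    return findings

WEAK = """\
# constructed sample: the second PermitRootLogin line is ignored by sshd
PermitRootLogin yes
permitrootlogin no
PasswordAuthentication yes
"""
HARDENED = """\
PermitRootLogin no
PasswordAuthentication no
AllowUsers alice bob
"""

if __name__ == "__main__":
    for name, sample in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(sample) or "ok")
```
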