At 18:03 06.02.2006, Kevin Kinsey wrote:
Brad Gilmer wrote:

Hello all,

I guess one of the banes of our existence as Sys Admins is that people are always pounding away at our systems trying to break in. Lately, I have been getting hit with several hundred of the messages below per day in my security report output...

gilmer.org login failures:
Feb  5 11:18:17 gilmer sshd[78078]: reverse mapping checking getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
Feb  5 11:18:18 gilmer sshd[78080]: reverse mapping checking getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
Feb  5 11:18:20 gilmer sshd[78082]: reverse mapping checking getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!

I am running FreeBSD 5.4 RELEASE, and right now this box is not a production machine, but I am going to be taking it live fairly soon. Questions:

1)  Is there anything I should be doing to thwart this particular attack?


IANAE on security, but there are several possibilities.  Here are a couple
ideas from my deadbeat security brain:

    1.  edit /etc/ssh/sshd_config and make sure that only the right users
         and such are allowed to login, and via the right methods.

    2.  If the situation allows, you can wrap sshd via /etc/hosts.allow to
         only allow logins from certain IP addresses (i.e., wherever you
         intend to admin this box from).

Note that, as I mentioned, IANAE, and there are plenty of other "higher
level" security actions that can be taken to secure a box from attack.
Maybe some less-newbie-than-me guru will step up to the plate on that;
maybe not.

2) Given that I am on 5.4, should I upgrade my sshd or do anything else at this point to make sure my machine is as secure as possible?


Checking the advisories at the freebsd.org web site and tracking
RELENG_5_4 with cvsup/buildworld, etc. to stay up to date is a good
starting point.

3) (Meta-question) - Should I upgrade to 6.0 before I go live to be sure I am in the best possible security situation going forward? Should I wait until 6.1 for bug fixes (generally I am opposed to n.0 anything).



Meta-answer, if possible from an idiot like me:  6.0 is actually a very
notable exception to the "don't grab the zero release" rule in my case.
YMMV, of course.  Last week I upgraded my last 5.X boxen to 6.X, and
I don't plan on looking back!  Now, if I could just find time to
backup/reinstall that 4.X boxen that's locked up so far away!!!

Thanks
Brad


You're welcome.

Kevin Kinsey

Sorry, but what are IANAE and YMMV?

Thank you!

Vaaf
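Added example, not posted by anyone in this thread: a small sh script that does the bookkeeping behind Kevin's /etc/hosts.allow suggestion. It counts sshd events per source from auth-log lines and emits a tcp_wrappers deny stanza for sources over a threshold. Note that the "reverse mapping checking getaddrinfo ... failed" message only records that the client's PTR record did not resolve back to the connecting address; the OpenSSH in the original post logs just the name, not the IP, and a name that fails reverse mapping cannot be matched reliably by hosts.allow (which does its own lookup), so only sources logged as IP literals get a deny line. The sample log lines are constructed for this example (the pacbell.net name is the one from Brad's post; the "illegal user" lines, the addresses 192.0.2.77 and 198.51.100.9, and the user names are made up), and the log path /var/log/auth.log in the usage comment is an assumption about the default FreeBSD syslog.conf.

```shell
#!/bin/sh
# Added example (not from the thread): summarise sshd noise per source and
# turn it into a hosts.allow deny stanza. Uses only POSIX sh, awk and sort.

# Constructed sample of /var/log/auth.log lines (not real traffic).
SAMPLE_LOG='Feb  5 11:18:17 gilmer sshd[78078]: reverse mapping checking getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
Feb  5 11:18:18 gilmer sshd[78080]: reverse mapping checking getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
Feb  5 11:18:20 gilmer sshd[78082]: reverse mapping checking getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
Feb  5 11:19:02 gilmer sshd[78090]: Failed password for illegal user test from 192.0.2.77 port 40011 ssh2
Feb  5 11:19:04 gilmer sshd[78092]: Failed password for illegal user admin from 192.0.2.77 port 40013 ssh2
Feb  5 11:20:00 gilmer sshd[78100]: Failed password for brad from 198.51.100.9 port 50001 ssh2'

# failed_sources: read log lines on stdin, print "<count> <source>" per
# source, most frequent first. The reverse-mapping message carries only the
# client name; the failed-password message carries the client address.
failed_sources() {
    awk '
        / sshd\[[0-9]+\]: reverse mapping checking getaddrinfo for / {
            for (i = 1; i <= NF; i++) if ($i == "for") { src = $(i + 1); break }
            n[src]++
        }
        / sshd\[[0-9]+\]: Failed password for / {
            for (i = 1; i <= NF; i++) if ($i == "from") { src = $(i + 1); break }
            n[src]++
        }
        END { for (s in n) print n[s], s }
    ' | sort -rn
}

# deny_stanza THRESHOLD: read "<count> <source>" lines, emit
# "sshd : <addr> : deny" for IP literals at or above THRESHOLD. Sources
# known only by a name that failed reverse mapping are reported as a
# comment instead, since tcp_wrappers cannot match them by that name.
deny_stanza() {
    threshold=${1:-2}
    awk -v t="$threshold" '
        $1 < t { next }
        $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print "sshd : " $2 " : deny"; next }
        { print "# " $2 ": " $1 " events, no address logged; not added" }
    '
}

# Stand-alone run over the constructed sample with threshold 2.
# Real use (assumed log path): failed_sources < /var/log/auth.log | deny_stanza 5
printf '%s\n' "$SAMPLE_LOG" | failed_sources | deny_stanza 2
```

Two things to keep in mind when pasting the output into /etc/hosts.allow: FreeBSD's sshd is built with libwrap, so hosts.allow applies even though sshd does not run from inetd; and the file is first-match-wins, with the stock FreeBSD file starting with an "ALL : ALL : allow" line, so the deny entries (or a whitelist such as "sshd : 203.0.113.10 : allow" followed by "sshd : ALL : deny") must sit above that line, not be appended at the end. Kevin's first point is handled in sshd_config rather than here: "AllowUsers" with the admin accounts, "PermitRootLogin no", and "PasswordAuthentication no" once keys are in place.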


_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions