Quoting Sunil Mohan Adapa (2017-03-16 06:05:25) > On Thursday 16 March 2017 01:46 AM, Daddy wrote: >> I have the same experience - I'm using freedombox as (internet exposed) >> router, and I get several root login ssh attempts from various ip >> addresses every few seconds. >> >> I've installed fail2ban, but as pam-abl is present, that was probably an >> overkill. >> > > Fail2ban is good choice in this case because we wish to stop attempts > from happening (and logs from filling up). Fail2ban actively > discourages an adversary by blocking their packet traffic which > libpam-abl does not. Fail2ban also has the infrastructure for making > web based login attempts harder. > > There have been previous discussions about adding fail2ban to > FreedomBox by default. I opened a new issues to implement this > fail2ban for SSH[1] and Plinth[2]. If someone is interested they can > pick it up (slightly more than 'beginner' level difficulty).
pam-abl is more resource-efficient and arguably less brittle than fail2ban, as it hooks into the login process itself whereas fail2ban rely on parsing logfiles (which especially under attack can grow large). pam-abl can be configured to block network traffic altogether - from a quick search for "pam-abl iptables": http://serverfault.com/questions/395379/how-to-use-pam-to-limit-failed-login-attempts-by-ip > Links: > > 1) https://github.com/freedombox/Plinth/issues/759 > 2) https://github.com/freedombox/Plinth/issues/760 Can we please track Freedombox issues at our Debian bugtracker? - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
_______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
