Steve wrote:
I can't believe that I'm the only person with this, so it's probably
worth asking.
I'm one of the (many) people who has opportunists trying usernames and
passwords against SSH... while every effort has been made to secure
this service by configuration; strong passwords; no root login
remotely etc. I would still prefer to block sites using obvious
dictionary attacks against me.
I used to use DenyHosts - but that became annoying as it used rather a
lot of resources (and relied upon tcp wrappers... which, I'm informed
are somewhat old-fashioned)
I migrated to try using iptables as my firewall and using blacklist.py
- which I got working after some minor config-tweaking. I'm aware
that there is configuration in the blacklist.py script for
BLOCKING_PERIOD - but what I really miss is the "blocked forever" nature
of the DenyHosts alternative.... though I prefer every other aspect of
the iptables/blacklist.py approach.
Has anyone else resolved this? As far as I'm concerned, once I detect
someone has attempted a brute force (which blacklist.py does
fantastically well) what I want is for no further communication to be
accepted from the IP address - even after I reboot etc. While I don't
know which sites I want to be accessible from in advance, I can be
sure none of them would launch a brute force attack against me. :-)
Recommendations?
I'm looking for the neatest Gentoo way to do this... rather than
recommendations for how to write something to do what I want from
scratch...
Steve
Try fail2ban. I started as a newbie on iptables and I still am, because it
is very easy to configure and does its job perfectly.
http://gentoo-wiki.com/HOWTO_fail2ban
http://www.fail2ban.org/wiki/index.php/Main_Page
--
gentoo-user@lists.gentoo.org mailing list