Hi All,
The next thing on my list of things to do over Christmas :-)
I am taking a systematic look at each side of my servers to see if things can be
done better. While I currently have (home-grown) protection for automated SSH
attacks/probes, the other services seem just as vulnerable, especially if it's a
real attack trying to crack a real person's password.
So what do people use?
I figure iptables is probably the best thing to use (instead of hosts.deny) but
that does mean I'll have to build a firewall ruleset at the same time. Tools
that combine the two would be good.
iptables RECENT module would be good but does it work on the default CentOS BQ
(v1.2.11)? I also don't think it would work very well on POP3, IMAP & Apache??
Certainly there are separate apps I could use but it seems silly to run five
separate apps to protect five services. Most parse log files too, which can't be
the most instant/effective.
Links I have collected from previous posts...
http://fail2ban.sourceforge.net/wiki/index.php/Main_Page
http://sourceforge.net/projects/blocksshd/
http://www.csc.liv.ac.uk/~greg/sshdfilter/
http://www.rfxnetworks.com/bfd.php
http://bluequartz.ixc.co.uk/
All and any suggestions welcome.
Thank you in advance
Dan