[SATLUG] security, brute force ssh, and others

Geoff geofff at w5omr.shacknet.nu
Wed Apr 30 07:28:58 CDT 2008


Daniel J. Givens wrote:
> The answer you seek is Fail2Ban (www.fail2ban.org). It will watch your
> logs for (definable) patterns and do (definable) actions, such as
> adding netfilter rules to drop traffic from offending hosts. I've used
> it to great success to block bots like this.
>
> By the way, this is extremely common. You really don't have anything
> to worry about here. Just make sure remote root login is disabled in
> SSH and think about setting up a group called sshusers and add the
> AllowGroups option to /etc/ssh/sshd_config.

There was talk around here of setting up a 'tar-baby' (for lack of a
better term, or better memory). Honey Pot, I think it was called.

Something to draw the pests to and presumably do something to them, at
the time.

Did that ever get done?
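
An added illustration of the log-watching approach described in the quoted reply (not part of either message, and not Fail2Ban's own code): a small Python sketch that counts failed SSH logins per source address inside a time window and reports the hosts that cross the threshold. The log lines, hostname, user names and addresses are constructed; `maxretry` and `findtime` borrow Fail2Ban's option names, and the year is an assumption because classic syslog timestamps omit it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The user name is attacker-controlled, so the pattern is anchored at the end
# of the line and the user group is greedy: only the "from <ip> port <n> ssh2"
# suffix that sshd itself appends is trusted as the source address.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

# Constructed sample input (documentation address ranges, made-up host "gw").
SAMPLE_LOG = """\
Apr 30 07:01:12 gw sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Apr 30 07:01:15 gw sshd[4103]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Apr 30 07:01:19 gw sshd[4105]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Apr 30 07:02:00 gw sshd[4110]: Accepted password for alice from 198.51.100.23 port 51000 ssh2
Apr 30 07:03:00 gw sshd[4112]: Failed password for alice from 198.51.100.23 port 51002 ssh2
Apr 30 07:04:00 gw sshd[4114]: Failed password for invalid user x from 192.0.2.10 port 1 ssh2 from 198.51.100.23 port 51010 ssh2
Apr 30 07:30:00 gw sshd[4120]: Failed password for alice from 198.51.100.23 port 51020 ssh2
"""

def find_offenders(lines, maxretry=3, findtime=timedelta(minutes=10), year=2008):
    """Return {ip: time of the failure that reached maxretry within findtime}.

    Assumes the lines are in chronological order, as in a live log file.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    banned = {}
    for line in lines:
        m = FAILED.match(line)
        if not m or m["ip"] in banned:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > findtime:   # forget failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned[m["ip"]] = ts
    return banned

def drop_rule(ip):
    # One possible netfilter action, returned as text only (never executed here).
    return f"iptables -I INPUT -s {ip} -j DROP"

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG.splitlines()).items():
        print(when, drop_rule(ip))
```

The sixth sample line carries a forged "from 192.0.2.10" inside the user name; the end-anchored pattern counts it against 198.51.100.23, the address sshd actually recorded, so a bot cannot get a third party banned through the login name.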



