Re: OT-ish F9 Laptop\USB-Stick CentOS5.x Server SSH Access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

If you followed the default installation and set up the firewall. It
will only allow ssh & other services that you have configured. If you
set up this box as http server it should have enabled that as well. I
would advise you to run:

iptables -L # to see what is allowed or not

If you have other ports open that you don't need, run:

service-config-securitylevel or system-config-securitylevel-tui #this
will allow you to do it on an easy prompt driven way if you don't want
to create a script with iptables commandns on it that you can modify
as you wish and reload accordingly as I do on my boxes

regards


On Sat, Aug 30, 2008 at 4:04 AM, Tim <ignored_mailbox@xxxxxxxxxxxx> wrote:
> On Sat, 2008-08-30 at 09:59 +0100, Frank Murphy wrote:
>> I mean only allow ssh access from those two scenarios,
>> my laptop + an F9 usb-stick.
>>
>> because there are attempts by "fluffy" and other(s) to access the box.
>
> Well, if your own computers are from fixed IPs, you can set those into a
> list of IPs allowed to connect.  However, that doesn't stop someone else
> who's able to get the same IP from trying.
>
> Good passwords, and only using the newer SSH2 protocol, makes it damn
> hard for anyone else to get in.  They can try, and that's about it.
>
> Something like fail2ban will automatically firewall off someone who
> tries and fails, so they don't get to try again.  There's a few of those
> sort of things, which will auto-blacklist addresses for a while.  It
> could be a permanent blacklist, but you'd only want to do that if there
> was no chance of accidentally locking yourself out.
>
> Look into finding and using fail2ban.  I think that's your best way to
> handle it.
>
> --
> [tim@localhost ~]$ uname -r
> 2.6.25.14-108.fc9.i686
>
> Don't send private replies to my address, the mailbox is ignored.  I
> read messages from the public lists.
>
>
>
> --
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
>



-- 
Ed Landaveri
GNU/Linux User 433512
http://counter.li.org
"Free as in Freedom"

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux