On 11/19/2014 07:38, Bruno Wolff III wrote:
On Wed, Nov 19, 2014 at 11:58:11 +0000,
Patrick O'Callaghan <pocallaghan@xxxxxxxxx> wrote:
If the main concern is ssh hacking, you might consider denyhosts (yum
install denyhosts). It's easy to set up and seems to be effective. The
logs make fascinating (and scary) reading.
openssh stopped supporting tcpwrappers/libwrap in version 6.7 (which
isn't in Fedora yet), so this will stop working in the not too distant
future unless the Fedora maintainer puts that feature back in.
I've found fail2ban to be the weapon of choice. Not only will it block
brute force attempts by bad guys for SSH, but you can also configure it
to block attempts against other services. For example, I use it to
block attempts to send email through the server from addresses that may
be forged. It works like a charm, is easy to configure and use, and yum
should give it to you in a snap.
Tom
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
