On Sep 26, 2020, at 04:01, Michael D. Setzer II via users <users@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > > Use to use denyhosts on systems, but it seems to have been removed. > The old denyhost would add blocked ipaddresses to stop these sites? > Know that root is not allowed to login ssh by default, so are these lines > just saying attempts had been blocked. > > Have vsftpd setup to use passive ports, so blocking port 22 would not be > a big deal. But just seeing the btmp file grow seems to show wasted > bandwidth if not showing an issue. > > Is it an issue or not?? It means your ssh port is open and you are constantly being scanned, so blocking ssh from everywhere except trusted networks would be ideal. DenyHosts used to just add to /etc/hosts.deny (hence the name) which isn’t used anymore by sshd. It looks like it supports iptables too, but it’s better to use fail2ban, which supports firewalld, uses ipsets or nftables, and is considerably faster. It supports reading the journal too so if you don’t want to use syslogd or send your log traffic off-host, it still works. Since you have vsftpd, it can also logs for it too. -- Jonathan Billings <billings@xxxxxxxxxx> _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
