Hello,

I have read and seen many options for additions to iptables as a firewall and security system. All seem to react to logs and not to incoming packets (as far as I have seen).

I am interested in doing a number of security ideas to the firewall, iptables, on my webserver. If you have a program you would suggest or believe iptables is the proper solution, please feel free to post that.

Here are some of the things I would like to do:

1) I have switched my SSH to a different port. I would like to still check for anyone trying to hit the old port 22 and log them. At the same time, add them to a reject/ban for a certain period of time, let's say 1 day.

2) There are certain Apache hacks (like things that include ../) that I would prefer to stop at the firewall. I would also like to log these attempts and begin a reject/ban for a certain period of time. Or just log until I figure out the best way to safely ban.

3) There are common script kiddie hacks that look for certain files 1 million times a day. I would like to either look for them in the incoming packets, log, and ban. Or I would like to be able to use my own PHP program to route them out and then add to a ban list that iptables can use.

These are just some of the things I am looking at doing. I also want to start a ban list for mail packets too; why bog down sendmail when I know what they are?

I realize some things might be done via programs like fail2ban (like my PHP program making a list), but others would be better at the firewall as active reaction security measures.

Any input kindly accepted. Thank you for any help or ideas.

Bob

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos