tightening ssh
Anthony J Placilla
anthony_placilla at SUTH.COM
Fri Dec 2 17:03:54 UTC 2005
--snip--
> >
> > --
> > Knute Johnson
> > Molon Labe...
> A while back there was discussion on the list about a script that
> monitored /var/messages and /var/secure and would write a rule to block an IP
> address after "x" number of attempts to log in.
> I could not find the reference that I kept. You might try searching the list
> but the scripts were very good.
>
Try this
http://denyhosts.sourceforge.net/
or for quick & dirty:
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -m conntrack
--ctstate NEW -m recent --set --name sshscans --rsource
iptables -A INPUT -m recent --rcheck --seconds 60 --hitcount 10 --name
sshscans --rsource -j DROP
(thanks to david at blue-labs.org for that one)
--
Tony Placilla, RHCT
anthony_placilla at suth.com
More information about the fedora-list
mailing list