how to react on ssh attacks? [solved]
STYMA, ROBERT E (ROBERT)
stymar at lucent.com
Thu Oct 27 15:04:27 UTC 2005
> >>
> >> Denyhosts is available from extras all nicely configured
> to run as a
> >> daemon...
> >>
> >
> >Eventually hosts.deny is getting too big. If this is really fedora's
> >answer, then I think we'll need a version of tcpwrappers
> that has some kind
> >of database, rather than a flat file.
>
> Denyhosts has a --purge option to keep host.deny from getting
> too large.
>
At some point we should make sure we are not trying to kill a mouse
with a sledge hammer (tried that once, just broke stuff and the mouse
got away). The options in this thread are all very useful if you are
running a service which will be accessed from a lot of random places.
Many Fedora users are just trying to get in to their home machine from
work or school or some limited number of places. In this case, setting
the /etc/hosts.deny to "ALL: ALL" and listing the sites you want to allow
in in the /etc/hosts.allow simplifies things greatly. /var/log/secure
will list attempts to get in, but if the guy cannot get a login prompt,
his chances of getting in are minimal.
Bob Styma
More information about the fedora-list
mailing list