[GLLUG] Maybe OT - Fail2ban and what triggers it

James Hawtin oolon at ankh.org
Mon Mar 18 13:25:52 UTC 2013


> Interesting analysis there.
>
> The source country reminded me of recent news articles about "Unit
> 61398" [0] and military-sponsored attacks.
>
> You've been given good advice on how to secure SSH. I use fail2ban too
> in tandem with denyhosts [1]. Be warned that you must configure it
> carefully or else you could find yourself "locked out"!
>
> [0] http://www.theregister.co.uk/2013/02/19/china_apt_report_mandiant/
> [1] http://denyhosts.sourceforge.net/
>

Personally, I only have 4 IP addresses in the world whitelisted to access
my SSH port; that does wonders for covering attacks. I always meant to
set up port knocking for random IPs, but never needed it enough to spend
the time setting something up.

James




