[Wylug-help] Security log message
Anne Wilson
cannewilson at googlemail.com
Mon Mar 10 15:52:25 GMT 2008
On Monday 10 March 2008 11:37:55 chris at ascent.plus.com wrote:
> >> ssh certainly gets a pounding from brute force attempts. That was why I
> >> was
> >> tempted by rate limiting it.
> >
> > It certainly does. I tend to run SSH on unconventional ports because of
> > this. I see lots and lots of dictionary attacks.
> >
> > james
>
> Have you tried using fail2ban:
>
> http://www.fail2ban.org/wiki/index.php/Main_Page
>
> I have used it successfully. It bans IP addresses for a length of time if
> three unsuccessful attempts are made.
>
> Fail2ban works well with Logwatch. Logwatch gives a daily email report of
> various aspects of your system.
>
I've read several good reports about fail2ban, so I've installed it. The
config files look OK, and I've set the mail addresses to me. I met Logwatch
about 18 months ago, and wouldn't be without it now :-)
Are there any issues with selinux, do you know?
Anne
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://list.wylug.org.uk/pipermail/wylug-help/attachments/20080310/7cfd5fd0/attachment.bin
More information about the Wylug-help
mailing list