Fail2ban: Difference between revisions

From Bitpost wiki
No edit summary
No edit summary
 
(3 intermediate revisions by the same user not shown)
Line 17: Line 17:
Still not working yet...
Still not working yet...


* Check out port knocking on a non-default port
* turn off passwords entirely!  best, but possibly not convenient
* check out [https://github.com/denyhosts/denyhosts denyhosts]
* turn off passwords entirely!   
** make sure to set up juicessh with the key
** make sure to set up juicessh with the key
** make sure you have a script you can run from bitpost to temporarily turn it back on to set up new machines, run from phone and then start a cron job to turn it off in x minutes
** make sure you have a script you can run from bitpost to temporarily turn it back on to set up new machines, run from phone and then start a cron job to turn it off in x minutes
* check out [https://github.com/denyhosts/denyhosts denyhosts]
other ideas that aren't sounding as good on second thought...
* Check out port knocking - not convenient?  not sure yet
* consider a non-default port - but that is not convenient
* deep dive into how to set up a truly painful tarpit for attackers
* deep dive into how to set up a truly painful tarpit for attackers
** [http://mikhailian.mova.org/node/147 slow down response] - ok moron but not on good attempts, i need 300 or so simultaneous connections
** check out this FUCKING RIGHTEOUS [https://sysadminblog.net/2013/08/debian-iptables-tarpit/ tarpit]
** AND... here's why you shouldn't do a tarpit without a shitton of protective work, you'll get [https://serverfault.com/questions/611063/does-tarpit-have-any-known-vulnerabilities-or-downsides/638899#638899 DOS'ed]

Latest revision as of 14:05, 30 November 2017

fail2ban watches log files for misbehavior, and creates firewall rules, to stop things like brute force ssh attempts.

It takes a few commands to get going though, and I guess it doesn't run as a normal service?

 🌵 m@bitpost [~]sudo fail2ban-client add mdmjail 
Added jail mdmjail
 🌵 m@bitpost [~] sudo fail2ban-client start mdmjail
Jail started
 🌵 m@bitpost [~] sudo fail2ban-client set mdmjail addlogpath /var/log/messages
Current monitored log file(s):
`- /var/log/messages
 🌵 m@bitpost [~]sudo fail2ban-client status
Status
|- Number of jail:	1
`- Jail list:	mdmjail

Still not working yet...

  • turn off passwords entirely! best, but possibly not convenient
    • make sure to set up juicessh with the key
    • make sure you have a script you can run from bitpost to temporarily turn it back on to set up new machines, run from phone and then start a cron job to turn it off in x minutes
  • check out denyhosts

other ideas that aren't sounding as good on second thought...

  • Check out port knocking - not convenient? not sure yet
  • consider a non-default port - but that is not convenient
  • deep dive into how to set up a truly painful tarpit for attackers
    • slow down response - ok moron but not on good attempts, i need 300 or so simultaneous connections
    • check out this FUCKING RIGHTEOUS tarpit
    • AND... here's why you shouldn't do a tarpit without a shitton of protective work, you'll get DOS'ed