Fail2ban
fail2ban watches log files for misbehavior, and creates firewall rules, to stop things like brute force ssh attempts.
It takes a few commands to get going though, and I guess it doesn't run as a normal service?
🌵 m@bitpost [~]sudo fail2ban-client add mdmjail Added jail mdmjail 🌵 m@bitpost [~] sudo fail2ban-client start mdmjail Jail started 🌵 m@bitpost [~] sudo fail2ban-client set mdmjail addlogpath /var/log/messages Current monitored log file(s): `- /var/log/messages 🌵 m@bitpost [~]sudo fail2ban-client status Status |- Number of jail: 1 `- Jail list: mdmjail
Still not working yet...
- Check out port knocking - not convenient? not sure yet
- consider a non-default port - but that is not convenient
- check out denyhosts
- turn off passwords entirely! best, but possibly not convenient
- make sure to set up juicessh with the key
- make sure you have a script you can run from bitpost to temporarily turn it back on to set up new machines, run from phone and then start a cron job to turn it off in x minutes
- deep dive into how to set up a truly painful tarpit for attackers
- slow down response - ok moron but not on good attempts, i need 300 or so simultaneous connections
- check out this FUCKING RIGHTEOUS tarpit