Fail2ban: Difference between revisions
(Created page with "fail2ban watches log files for misbehavior, and creates firewall rules, to stop things like brute force ssh attempts. It takes a few commands to get going though, and I guess...") |
No edit summary |
||
| (9 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
It takes a few commands to get going though, and I guess it doesn't run as a normal service? | It takes a few commands to get going though, and I guess it doesn't run as a normal service? | ||
🌵 m@bitpost [~ | 🌵 m@bitpost [~]sudo fail2ban-client add mdmjail | ||
Added jail mdmjail | Added jail mdmjail | ||
🌵 m@bitpost [~ | 🌵 m@bitpost [~] sudo fail2ban-client start mdmjail | ||
Jail started | Jail started | ||
🌵 m@bitpost [~ | 🌵 m@bitpost [~] sudo fail2ban-client set mdmjail addlogpath /var/log/messages | ||
Current monitored log file(s): | Current monitored log file(s): | ||
`- /var/log/messages | `- /var/log/messages | ||
🌵 m@bitpost [~ | 🌵 m@bitpost [~]sudo fail2ban-client status | ||
Status | Status | ||
|- Number of jail: 1 | |- Number of jail: 1 | ||
`- Jail list: mdmjail | `- Jail list: mdmjail | ||
Still not working yet... | |||
* turn off passwords entirely! best, but possibly not convenient | |||
** make sure to set up juicessh with the key | |||
** make sure you have a script you can run from bitpost to temporarily turn it back on to set up new machines, run from phone and then start a cron job to turn it off in x minutes | |||
* check out [https://github.com/denyhosts/denyhosts denyhosts] | |||
other ideas that aren't sounding as good on second thought... | |||
* Check out port knocking - not convenient? not sure yet | |||
* consider a non-default port - but that is not convenient | |||
* deep dive into how to set up a truly painful tarpit for attackers | |||
** [http://mikhailian.mova.org/node/147 slow down response] - ok moron but not on good attempts, i need 300 or so simultaneous connections | |||
** check out this FUCKING RIGHTEOUS [https://sysadminblog.net/2013/08/debian-iptables-tarpit/ tarpit] | |||
** AND... here's why you shouldn't do a tarpit without a shitton of protective work, you'll get [https://serverfault.com/questions/611063/does-tarpit-have-any-known-vulnerabilities-or-downsides/638899#638899 DOS'ed] | |||
Latest revision as of 14:05, 30 November 2017
fail2ban watches log files for misbehavior, and creates firewall rules, to stop things like brute force ssh attempts.
It takes a few commands to get going though, and I guess it doesn't run as a normal service?
🌵 m@bitpost [~]sudo fail2ban-client add mdmjail Added jail mdmjail 🌵 m@bitpost [~] sudo fail2ban-client start mdmjail Jail started 🌵 m@bitpost [~] sudo fail2ban-client set mdmjail addlogpath /var/log/messages Current monitored log file(s): `- /var/log/messages 🌵 m@bitpost [~]sudo fail2ban-client status Status |- Number of jail: 1 `- Jail list: mdmjail
Still not working yet...
- turn off passwords entirely! best, but possibly not convenient
- make sure to set up juicessh with the key
- make sure you have a script you can run from bitpost to temporarily turn it back on to set up new machines, run from phone and then start a cron job to turn it off in x minutes
- check out denyhosts
other ideas that aren't sounding as good on second thought...
- Check out port knocking - not convenient? not sure yet
- consider a non-default port - but that is not convenient
- deep dive into how to set up a truly painful tarpit for attackers
- slow down response - ok moron but not on good attempts, i need 300 or so simultaneous connections
- check out this FUCKING RIGHTEOUS tarpit
- AND... here's why you shouldn't do a tarpit without a shitton of protective work, you'll get DOS'ed