[OpenIndiana-discuss] denyhosts IPS package?
Gary Gendel
gary at genashor.com
Wed Jan 15 13:30:06 UTC 2014
On 01/15/2014 07:54 AM, Stefan Müller-Wilken wrote:
> Hi there,
>
> is there a denyhosts package available? I'd like to more effectively ban dictionary attackers from my systems and looking at https://www.illumos.org/issues/228#note-8 a package was at least in discussion.
>
> @Ken: can you comment on this?
>
> Cheers
> Stefan.
>
> ________________________________
> Acando GmbH, Millerntorplatz 1, 20359 Hamburg, Germany | Geschäftsführer: Guido Ahle | Amtsgericht Hamburg, HRB 76048 | Ust.Ident-Nr.:DE208833022
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
Stefan,
Assuming you use ssh for remote login then I have updated sshguard so it
works on OpenIndiana. It will monitor log files to identify attacks and
then uses ipfilter to block them. I had to change the check for ssh
invalid password to properly match OpenIndiana/Solaris ssh messages and
updated the ipfilter insertion statement to match my ipfilter setup
(specify which interface and add "group" tag). I also put together a
rudimentary SMF file to make it a proper service.
I personally prefer sshguard over fail2ban because it is so
lightweight. Once it started blocking brute force attacks on my server
(which was often) they suddenly stopped. Sshguard also can do the same
for various MTA and other application logins but ssh is the only one
I've tested. Let me know if you want what I've done.
Gary
More information about the OpenIndiana-discuss
mailing list