[OpenIndiana-discuss] denyhosts IPS package?

Stefan Müller-Wilken stefan.mueller-wilken at acando.de
Wed Jan 15 14:20:48 UTC 2014


Hi Gary,

I haven't looked at sshguard so far and it is definitely worth a look. 'Lightweight' sounds quite attractive. :-) Ultimately I'd also like to secure IMAP (which I haven't dared to open to the world because of the missing dictionary attack protection) etc., but maybe that's a second step. So, if I understand you right, sshguard currently requires manual installation but will work as a first-class SMF citizen afterwards?

Cheers
 Stefan

________________________________________
From: Gary Gendel [gary at genashor.com]
Sent: Wednesday, 15 January 2014 14:30
To: openindiana-discuss at openindiana.org
Subject: Re: [OpenIndiana-discuss] denyhosts IPS package?

On 01/15/2014 07:54 AM, Stefan Müller-Wilken wrote:
> Hi there,
>
> is there a denyhosts package available? I'd like to more effectively ban dictionary attackers from my systems and looking at https://www.illumos.org/issues/228#note-8 a package was at least in discussion.
>
> @Ken: can you comment on this?
>
> Cheers
>   Stefan.
>
> ________________________________
> Acando GmbH, Millerntorplatz 1, 20359 Hamburg, Germany | Geschäftsführer: Guido Ahle | Amtsgericht Hamburg, HRB 76048 | Ust.Ident-Nr.:DE208833022
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss

Stefan,

Assuming you use ssh for remote login then I have updated sshguard so it
works on OpenIndiana.  It will monitor log files to identify attacks and
then uses ipfilter to block them.  I had to change the check for ssh
invalid password to properly match OpenIndiana/Solaris ssh messages and
updated the ipfilter insertion statement to match my ipfilter setup
(specify which interface and add "group" tag). I also put together a
rudimentary SMF file to make it a proper service.

I personally prefer sshguard over fail2ban because it is so
lightweight.  Once it started blocking brute force attacks on my server
(which was often) they suddenly stopped.  Sshguard also can do the same
for various MTA and other application logins but ssh is the only one
I've tested.  Let me know if you want what I've done.

Gary
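
A sketch of the monitor-then-block loop described in the message above, added here as an illustration; it is not sshguard's code or the changes Gary describes. The log wording, the threshold and window, the interface name `e1000g0` and group `100` are all assumptions.

```python
import re
from collections import defaultdict, deque

# Assumed OpenSSH-style wording; the sshd on the monitored host may phrase
# failures differently, and a pattern that never matches blocks nobody.
FAILED = re.compile(
    r"sshd\[\d+\]: .*Failed \S+ for (?:invalid user )?\S+ "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) ")

# Constructed sample: (seconds since start, log line). Not real log data.
SAMPLE = [
    (0, "host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40001 ssh2"),
    (10, "host sshd[812]: Failed password for root from 203.0.113.7 port 40002 ssh2"),
    (15, "host sshd[813]: Accepted publickey for alice from 198.51.100.20 port 51000 ssh2"),
    (20, "host sshd[814]: Failed password for root from 203.0.113.7 port 40003 ssh2"),
    (30, "host sshd[815]: Failed password for alice from 198.51.100.20 port 51001 ssh2"),
    (200, "host sshd[816]: Failed password for alice from 198.51.100.20 port 51002 ssh2"),
    (400, "host sshd[817]: Failed password for alice from 198.51.100.20 port 51003 ssh2"),
]

def offenders(lines, threshold=3, window=60):
    """IPs with at least `threshold` failures inside `window` seconds, in detection order."""
    recent = defaultdict(deque)
    blocked = []
    for ts, line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        ip = m.group(1)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ip not in blocked:
            blocked.append(ip)
    return blocked

def ipf_rule(ip, iface="e1000g0", group=100):
    """Build an ipfilter block rule; iface and group are placeholder values."""
    return f"block in quick on {iface} from {ip}/32 to any group {group}"

if __name__ == "__main__":
    for ip in offenders(SAMPLE):
        print(ipf_rule(ip))
```

In the sample, the address with three failures in 20 seconds is blocked, while the user who mistypes a password three times over several minutes is not.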

