[OpenIndiana-discuss] denyhosts IPS package?

Gary Gendel gary at genashor.com
Wed Jan 15 14:44:14 UTC 2014


Stefan,

Exactly right.  It does have hooks for some IMAP clients, see 
http://www.sshguard.net/docs/reference/attack-signatures/ but I haven't 
tested them.  I suspect that they will work since these messages 
shouldn't be modified for OpenIndiana.

I reported the changes I made to the sshguard team but I haven't heard 
back from them so I expect that Solaris/OpenIndiana support is not high 
on their priority list. :(

The executable is only around 400k on my system (not stripped) and I've 
never even seen it in top/prstat.

Gary

On 01/15/2014 09:20 AM, Stefan Müller-Wilken wrote:
> Hi Gary,
>
> haven't looked at sshguard so far and it is definitely worth a look. 'Lightweight' sounds quite attractive. :-) Ultimately I'd also like to secure IMAP (I haven't dared opening to the world for the missing dictionary attack protection) etc. but maybe that's a second step. So, if I understand you right, sshguard currently requires manual installation but will work as a first class SMF citizen afterwards?
>
> Cheers
>   Stefan
>
> ________________________________________
> From: Gary Gendel [gary at genashor.com]
> Sent: Wednesday, 15 January 2014 14:30
> To: openindiana-discuss at openindiana.org
> Subject: Re: [OpenIndiana-discuss] denyhosts IPS package?
>
> On 01/15/2014 07:54 AM, Stefan Müller-Wilken wrote:
>> Hi there,
>>
>> is there a denyhosts package available? I'd like to more effectively ban dictionary attackers from my systems and looking at https://www.illumos.org/issues/228#note-8 a package was at least in discussion.
>>
>> @Ken: can you comment on this?
>>
>> Cheers
>>    Stefan.
>>
>> ________________________________
>> Acando GmbH, Millerntorplatz 1, 20359 Hamburg, Germany | Managing Director: Guido Ahle | Hamburg District Court, HRB 76048 | VAT ID: DE208833022
>> _______________________________________________
>> OpenIndiana-discuss mailing list
>> OpenIndiana-discuss at openindiana.org
>> http://openindiana.org/mailman/listinfo/openindiana-discuss
> Stefan,
>
> Assuming you use ssh for remote login then I have updated sshguard so it
> works on OpenIndiana.  It will monitor log files to identify attacks and
> then uses ipfilter to block them.  I had to change the check for ssh
> invalid password to properly match OpenIndiana/Solaris ssh messages and
> updated the ipfilter insertion statement to match my ipfilter setup
> (specify which interface and add "group" tag). I also put together a
> rudimentary SMF file to make it a proper service.
>
> I personally prefer sshguard over fail2ban because it is so
> lightweight.  Once it started blocking brute force attacks on my server
> (which was often) they suddenly stopped.  Sshguard also can do the same
> for various MTA and other application logins but ssh is the only one
> I've tested.  Let me know if you want what I've done.
>
> Gary
>
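An added sketch of the log-to-ipfilter flow described in the quoted message above (not sshguard's code and not the changes Gary made): it counts failed ssh logins per source address and builds an ipfilter block rule that names an interface and a group. The log line shape, the interface `e1000g0`, group `100`, the threshold and the helper names are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumed sshd-style line shape; the thread does not quote the real Solaris wording.
# Anchoring on the trailing "from <ip> port <n>" keeps a crafted user name such as
# "x from 198.51.100.9 port 22 ssh2" from choosing the address that gets blocked.
FAILED = re.compile(
    r"sshd\[\d+\]: .*Failed (?:password|keyboard-interactive\S*) for .* "
    r"from (\S+) port \d+(?: ssh2)?\s*$"
)

def offenders(lines, threshold=3, allow=()):
    """Return IPv4 addresses with at least `threshold` failed logins."""
    hits = Counter()
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        try:
            addr = str(ipaddress.IPv4Address(m.group(1)))
        except ValueError:
            continue  # not an address: never hand it to the firewall
        if addr not in allow:
            hits[addr] += 1
    return [ip for ip, n in hits.items() if n >= threshold]

def ipf_rule(ip, interface, group):
    """Build an ipfilter rule that specifies the interface and the rule group."""
    return f"block in quick on {interface} from {ip}/32 to any group {group}"

# Constructed sample (documentation addresses, hypothetical host name "oi").
SAMPLE = [
    "Jan 15 09:01:02 oi sshd[1234]: [ID 800047 auth.notice] Failed "
    "keyboard-interactive for invalid user admin from 203.0.113.7 port 40112 ssh2",
    "Jan 15 09:01:05 oi sshd[1236]: [ID 800047 auth.notice] Failed "
    "password for root from 203.0.113.7 port 40115 ssh2",
    # User name crafted to smuggle in a second "from <ip>" clause.
    "Jan 15 09:01:09 oi sshd[1239]: [ID 800047 auth.notice] Failed password for "
    "invalid user x from 198.51.100.9 port 22 ssh2 from 203.0.113.7 port 40120 ssh2",
    "Jan 15 09:02:00 oi sshd[1250]: [ID 800047 auth.notice] Failed "
    "password for gary from 192.0.2.10 port 51000 ssh2",
    "Jan 15 09:02:04 oi sshd[1251]: [ID 800047 auth.info] Accepted "
    "password for gary from 192.0.2.10 port 51002 ssh2",
]

if __name__ == "__main__":
    for ip in offenders(SAMPLE):
        print(ipf_rule(ip, "e1000g0", 100))
```
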



