[SAC] installing fail2ban?

Alex Mandel tech_dev at wildintellect.com
Fri May 27 21:21:23 EDT 2011


+1 on fail2ban

I brought up the Root login question when we did the setup of the VMs.
Root doesn't actually have a password (afaik) and most OSGeo SAC members
can only get to it via ssh keys that were installed on the system. So
while I'm not in love with Root login via ssh, we don't have console
access to the VMs so it would pose an issue when LDAP is down.

Thanks,
Alex

On 05/27/2011 05:24 PM, Hamish wrote:
> Hi,
> 
> Any objection to installing fail2ban on the adhoc VM? It's a
> daemon which watches /var/log/auth.log and if an IP has more than
> say 6 failed password ssh attempts in say 10 minutes, it alters
> the firewall rules to drop traffic from them for (say) 10 minutes.
> Effectively it stops brute force password attacks but is not too
> harsh on forgetful and butter-fingered users.
> 
> Perhaps installing portsentry and more fine-grained firewalls in
> general could be explored? Stronger encouragement of public/
> private key use?
> 
> Also I'd suggest to check that /etc/ssh/sshd_config contains
>  PermitRootLogin no
> But I'm not sure if OSUOSL or anyone is using that?
> 
> 
> Compared to some of my other systems, the failed ssh attempts on
> adhoc are not so high, but they still dwarf the number of real
> user logins:
> 
> zcat /var/log/auth.log* | grep 'Failed password' | \
>   grep sshd | awk '{print $1,$2}' | sort -k 1,1M -k 2n | \
>   uniq -c
> 
> cat /var/log/auth.log* | grep 'Failed password' | \
>   grep sshd | awk '{print $1,$2}' | sort -k 1,1M -k 2n | \
>   uniq -c
> 
>     118 Apr 24
>    7071 Apr 25
>     342 Apr 26
>       2 Apr 27
>      39 Apr 29
>    2203 Apr 30
>       1 May 1
>     563 May 4
>      61 May 5
>       1 May 6
>       9 May 7
>       4 May 8
>      38 May 9
>     429 May 11
>      33 May 12
>      22 May 13
>       1 May 14
>     264 May 15
>       1 May 16
>    1403 May 17
>       1 May 19
>     493 May 20
>     130 May 21
>     274 May 22
>      72 May 23
>      19 May 25
>     477 May 26
>     334 May 27
> 
> 
> regards,
> Hamish
> 
> _______________________________________________
> Sac mailing list
> Sac at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/sac
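
The policy described in the quoted message (more than 6 failed ssh passwords from one IP in 10 minutes, then a 10-minute block), replayed over auth.log lines to see which addresses it would have blocked. This is an added example, not part of the original thread and not fail2ban's own code; the log lines are constructed, and `replay`, `line_for` and `SAMPLE` are illustrative names.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds as worded in the message: more than 6 failed logins from one IP
# within 10 minutes gets that IP blocked for 10 minutes.
MAX_FAILURES = 6
WINDOW = timedelta(minutes=10)
BAN_TIME = timedelta(minutes=10)

# Greedy ".*" makes the LAST " from <ip> port <n>" win, so a username crafted
# to contain " from 192.0.2.1 port 1" cannot get another address blocked.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for .* "
    r"from ([0-9A-Fa-f:.]+) port \d+(?: ssh\d)?$")

def replay(lines, year):
    """Return (bans, dropped). Syslog lines carry no year, so pass it in."""
    recent = defaultdict(deque)      # ip -> failure times still inside WINDOW
    banned_until = {}
    bans, dropped = [], 0
    for line in lines:
        m = FAILED.match(line.rstrip("\n"))
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned_until and when < banned_until[ip]:
            dropped += 1             # the firewall would have dropped this one
            continue
        q = recent[ip]
        q.append(when)
        while when - q[0] > WINDOW:  # forget failures older than the window
            q.popleft()
        if len(q) > MAX_FAILURES:
            banned_until[ip] = when + BAN_TIME
            bans.append((ip, when, banned_until[ip]))
            q.clear()
    return bans, dropped

# Constructed sample: a scanner guessing every 30 s, a forgetful user with
# three typos 20 minutes apart, and one attempt with a forged username.
T0 = datetime(2011, 5, 27, 9, 0, 0)
def line_for(offset_s, user, ip):
    ts = (T0 + timedelta(seconds=offset_s)).strftime("%b %d %H:%M:%S")
    return f"{ts} adhoc sshd[4242]: Failed password for {user} from {ip} port 50022 ssh2"

SAMPLE = ([line_for(30 * i, "invalid user admin", "203.0.113.5") for i in range(40)]
          + [line_for(1200 * i, "hamish", "198.51.100.7") for i in range(3)]
          + [line_for(15, "invalid user x from 192.0.2.1 port 1", "203.0.113.9")])
```

`replay(SAMPLE, 2011)` blocks the scanner twice and never blocks the user with three mistyped passwords; passing an open auth.log file object instead of `SAMPLE` runs the same check on real data.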


