I first noticed things weren't "quite right" on the auth.log when using fail2ban > 1.8.10 which is why I stuck to that version.
I now just use ufw and my trusted IPs in /etc/hosts.allow and /etc/hosts.deny: sshd: ALL
Windows assumes the user is an idiot.
Linux demands proof.
The people in my company travel to different countries and need for fail2ban to protect ssh services from almost anywhere. It is hard to know the IP subnet for any company or hotel before arriving. I've been in 1 country, but had my traffic routed through another (as far as my geo-location though).
For example, in October, we had people in 6 countries on 3 continents.
Also, we really push for them to use x2go remote desktops when traveling and not have any data local to their computers - definitely not any email or proprietary data.
tcp-wrappers is handy, but not good enough for our needs on these public facing systems.
Maybe VPN then?
Yeah, if you move you need something to make blacklists and to ban those that are naughty.
Read the easy to understand, lots of pics Ubuntu manual.
Do i need antivirus/firewall in linux?
Full disk backup (newer kernel -> suitable for newer PC): Clonezilla
User friendly full disk backup: Rescuezilla
These are ideas, but seems like having fail2ban work by default would be easier - you know - like it did in the last 5+ yrs?
Much more likely to switch to denyhosts first.
Plus maintaining this list when on travel isn't a good idea.
I've enabled the email updates when someone gets banned and logwatch isn't showing any more failed attempts since blocking that subnet. We don't listen on 22 on the public interface. Though I'm not comfortable using obscurity as a security method.
Last edited by TheFu; November 11th, 2014 at 11:24 AM.
Well, mine is also not working as expected, and I've spent quite some time figuring out what is wrong. I even asked a guru if the command is wrong, as nothing happens as it should. Still investigating. I am doing some tests, and when I get a new attempt & ban (shouldn't be too long) I plan to submit a bug.