Re: web alternative to knockd for a "secure" sshd server?
Nick Demou wrote:
> Any other idea of simple measures that will keep as many attackers
> away from the one and only service that is listening to the Internet?
Different approach, but the same goal:
aptitude install fail2ban
> bans IPs that cause multiple authentication errors
> Monitors log files (e.g. /var/log/auth.log,
> /var/log/apache/access.log) and temporarily or persistently bans
> failure-prone addresses by updating existing firewall rules. The
> software was completely rewritten at version 0.7.0 and now allows
> easy specification of different actions to be taken such as to ban an
> IP using iptables or hostsdeny rules, or simply to send a
> notification email. Currently, by default, supports
> ssh/apache/vsftpd but configuration can be easily extended for
> monitoring any other ASCII file. All filters and actions are given
> in the config files, thus fail2ban can be adopted to be used with a
> variety of files and firewalls.
> Homepage: http://www.sourceforge.net/projects/fail2ban
Maybe not as perfect as your approach, but very simple: just install and
forget.
Johannes