Changes

Line 1: Line 1:  
==Introduction==
 
==Introduction==
 
After a recent rise in the amount of SSH attacks I decided to have a look at other methods of blocking SSH attacks.
 
After a recent rise in the amount of SSH attacks I decided to have a look at other methods of blocking SSH attacks.
 +
 +
=== AutoBlock ===
 +
[[AutoBlock]] is enabled by default on SME9 and later. By design only IP outside your local network will be blocked if too many attempts are done.
 +
 +
Default values
 +
AutoBlockTime=900          # 900 seconds  (15 minutes).
 +
AutoBlockTries=4            # meaning that 3 Tries are allowed, the fourth try is blocked.
 +
AutoBlock=disabled          # default for SME Server 8
 +
AutoBlock=enabled          # default for SME Server 9
 +
However there is no whitelist, you can easily lock you out.
    
===DenyHosts===
 
===DenyHosts===
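Review bot: The last sentence of the new AutoBlock section, "However there is no whitelist, you can easily lock you out.", should read "lock yourself out". It also needs to say who is at risk, since the section has just stated that only IPs outside the local network are blocked, so the lock-out applies to administrators connecting remotely. Under "Default values", AutoBlock=disabled and AutoBlock=enabled are listed side by side with no indication of where these properties live or how to view and change them; add that, and mark the four lines as preformatted text so they read as settings rather than prose.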
Line 10: Line 20:  
However, it was sending me a lot of mails. Yes, I could disable them.
 
However, it was sending me a lot of mails. Yes, I could disable them.
   −
However, it has to check the logs and find failed logins and then create a list for ssh to check against. SO it will allow at least one connection.
+
However, it has to check the logs and find failed logins and then create a list for ssh to check against. So it will allow at least one failed connection. It is, quite lightweight as it will update a simple plain text file called by /etc/hosts.deny on every ssh connection.
    
I wanted something a bit quicker that would bulk block a lot of IPs immediately.
 
I wanted something a bit quicker that would bulk block a lot of IPs immediately.
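Review bot: In the added sentence "It is, quite lightweight as it will update a simple plain text file called by /etc/hosts.deny on every ssh connection." the comma after "It is" is stray, and "a simple plain text file called by /etc/hosts.deny" does not make clear which file DenyHosts writes and what reads it on each connection. State the file and the reader directly. The sentence also opens a positive point inside a paragraph built on "However, ..." limitations, so it would read better as its own sentence after the limitation about the first failed connection getting through.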
Line 34: Line 44:  
There are some xtables RPMs floating about that work with GeoIP v1 DBs but not sure about v2 DBs. Needs investigation
 
There are some xtables RPMs floating about that work with GeoIP v1 DBs but not sure about v2 DBs. Needs investigation
    +
07/02/20109 - These are in the process of being imported. They will work with GeoIP2.
 +
 +
smeserver-xt_geoip
 +
xtables-addons
 +
 +
They should be in smetest shortly.
    
===hosts.allow===
 
===hosts.allow===
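Review bot: The date in the added line "07/02/20109 - These are in the process of being imported." has a five-digit year and an ambiguous day/month order; correct the year and use an unambiguous format. The unchanged sentence just above ("not sure about v2 DBs. Needs investigation") now conflicts with the new statement "They will work with GeoIP2." and should be revised in the same edit. "They should be in smetest shortly." will go stale, so give a dated status or a pointer to where the import is tracked, and format smeserver-xt_geoip and xtables-addons as a list of package names.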
Line 164: Line 180:     
It may be worth looking at adding a specific AllowHosts section in the chain, or somewhere in masq to Allow Specific hosts, but block the rest of a country.
 
It may be worth looking at adding a specific AllowHosts section in the chain, or somewhere in masq to Allow Specific hosts, but block the rest of a country.
      
[[Category:SSH]]
 
[[Category:SSH]]
