[wellylug] Securing my ssh box
Jim Cheetham
jim at gonzul.net
Wed Aug 23 12:13:00 NZST 2006
On Wed, Aug 23, 2006 at 11:13:10AM +1200, David Antliff wrote:
>
>
> On Tue, 22 Aug 2006, Jim Cheetham wrote:
> >Also consider deploying something like DenyHosts
>
> Does anyone know if entries in /etc/hosts.allow override those in
> /etc/hosts.deny? This could be useful if you have a few known-good hosts
It's a faq :-) and whitelisting takes precedence over blacklisting.
I trim out denied hosts every day, taking out entries over 5 days old.
Haven't double-checked to see if there are repeat offenders; but getting
30 seconds worth of hacking every 5 days sounds like a decent
compromise.
The other similar products are worth looking at; I don't think
DenyHosts is perfect, but it's on a couple of my production machines
with no real issues.
DenyHosts has recently sprung a central reporting option; you can send
your blacklist to a central point, and collect other people's reports.
This means that you can blacklist people who have not yet attacked you.
However, I'm worried that this will end up like spam blacklists; of
marginal use unless you really understand the 'cleanliness' of the
blacklist database.
-jim
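The daily "trim entries over 5 days old" step Jim describes, as an added example (not code from the post or from the DenyHosts project). It assumes DenyHosts records each block as a timestamped comment line followed by the tcp_wrappers rule, works on a constructed hosts.deny sample, and leaves hand-written lines (static rules, comments, blanks) untouched; for a real /etc/hosts.deny you would read the file, write the result to a temp file and rename it into place.

```python
import re
from datetime import datetime, timedelta

# Assumed DenyHosts layout (an assumption, not taken from the post):
#   # DenyHosts: Wed Aug 23 12:13:00 2006 | sshd: 192.0.2.10
#   sshd: 192.0.2.10
STAMP_RE = re.compile(r"^# DenyHosts: (.+?) \| (.+)$")
STAMP_FMT = "%a %b %d %H:%M:%S %Y"


def trim_hosts_deny(text, now, max_age_days=5):
    """Return (kept_text, dropped_rules).

    DenyHosts entries whose timestamp is older than max_age_days are
    removed together with their rule line; every other line is kept.
    """
    cutoff = now - timedelta(days=max_age_days)
    kept, dropped = [], []
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        m = STAMP_RE.match(lines[i])
        # Only treat the pair as a DenyHosts entry when the next line is
        # exactly the rule named in the stamp; otherwise keep it as-is.
        if m and i + 1 < len(lines) and lines[i + 1].strip() == m.group(2).strip():
            added = datetime.strptime(m.group(1), STAMP_FMT)
            if added < cutoff:
                dropped.append(m.group(2).strip())
            else:
                kept.extend(lines[i:i + 2])
            i += 2
            continue
        kept.append(lines[i])  # static rule, comment or blank line
        i += 1
    tail = "\n" if text.endswith("\n") else ""
    return "\n".join(kept) + tail, dropped


# Constructed sample: one hand-written rule, one stale DenyHosts entry
# (8 days old) and one fresh entry (less than a day old).
SAMPLE = """\
ALL: 203.0.113.0/24
# DenyHosts: Tue Aug 15 02:10:44 2006 | sshd: 192.0.2.10
sshd: 192.0.2.10
# DenyHosts: Tue Aug 22 23:59:01 2006 | sshd: 192.0.2.77
sshd: 192.0.2.77
"""
NOW = datetime(2006, 8, 23, 12, 13, 0)  # fixed "now" so the run is repeatable

if __name__ == "__main__":
    new_text, dropped = trim_hosts_deny(SAMPLE, NOW)
    print("dropped:", dropped)
    print(new_text, end="")
```

The static `ALL:` rule survives regardless of age, which matters because /etc/hosts.allow entries win over hosts.deny, so the trim only ever touches what DenyHosts itself added.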