Thread: Securing Linux
08-21-07, 08:41 PM   #4
Re: Securing Linux

I use fail2ban; it's quite powerful. I use it to detect 404 and 401 errors on my webserver and ban them immediately if they connect to an IP and not a vhost. It works very well at mitigating the brute-force and script-kiddie attacks. I also use it for SSH, but again, I run it on a high TCP port, not TCP 22, and I don't see brute-force attacks. That, and I'm using key-based authentication, not password authentication.

OSSEC-HIDS is a great IDS for a local machine and its log analysis engine is outstanding; think of it as Snort for logs.

There's tons of information I can give but it's hard to 'dd if=/dev/evilghost of=/dev/grey_1' without knowing what's applicable to you.
evilghost
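The web-server rule described in the post above (ban on a 401 or 404 when the request was addressed to the server's IP rather than a vhost name), sketched as an added example that is not part of the original post and is not fail2ban's own code. It assumes an Apache log format that writes the client's Host header first (`LogFormat "%{Host}i %h %l %u %t \"%r\" %>s %b"`); the function names and the sample lines are hypothetical.

```python
import ipaddress
import re

# Assumed log layout: Host header, client address, ident, user, [time], "request", status, size.
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+'
)
BAN_STATUSES = {"401", "404"}

def is_ip_literal(host_header):
    """True when the Host header is a bare IP (optionally with :port), not a vhost name."""
    host = host_header
    if host.startswith("["):            # bracketed IPv6, e.g. [2001:db8::10]:80
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:          # IPv4 or hostname followed by :port
        host = host.rsplit(":", 1)[0]
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def clients_to_ban(lines):
    """Clients, in first-seen order, that got a 401/404 while addressing the server by IP."""
    banned = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                    # unparsable line: skip rather than guess
        if m["status"] in BAN_STATUSES and is_ip_literal(m["host"]):
            if m["client"] not in banned:
                banned.append(m["client"])
    return banned

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE = [
    'www.example.org 198.51.100.7 - - [21/Aug/2007:20:41:00 +0000] "GET /missing.html HTTP/1.1" 404 209',
    '203.0.113.10 198.51.100.23 - - [21/Aug/2007:20:41:02 +0000] "GET /private/ HTTP/1.1" 401 401',
    '203.0.113.10:80 198.51.100.42 - - [21/Aug/2007:20:41:03 +0000] "GET /nonexistent HTTP/1.1" 404 209',
    '203.0.113.10 198.51.100.99 - - [21/Aug/2007:20:41:04 +0000] "GET / HTTP/1.1" 200 1024',
    '[2001:db8::10]:80 2001:db8::beef - - [21/Aug/2007:20:41:05 +0000] "GET /nonexistent HTTP/1.1" 404 209',
]

if __name__ == "__main__":
    for client in clients_to_ban(SAMPLE):
        print("would ban", client)
```

The 404 for `www.example.org` is left alone because it names a vhost, which keeps ordinary broken links from banning legitimate visitors.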