On Thursday 16 March 2017 01:46 AM, Daddy wrote: > I have the same experience - I'm using freedombox as (internet exposed) > router, and I get several root login ssh attempts from various ip > addresses every few seconds. > > I've installed fail2ban, but as pam-abl is present, that was probably an > overkill. >
Fail2ban is good choice in this case because we wish to stop attempts from happening (and logs from filling up). Fail2ban actively discourages an adversary by blocking their packet traffic which libpam-abl does not. Fail2ban also has the infrastructure for making web based login attempts harder. There have been previous discussions about adding fail2ban to FreedomBox by default. I opened a new issues to implement this fail2ban for SSH[1] and Plinth[2]. If someone is interested they can pick it up (slightly more than 'beginner' level difficulty). Links: 1) https://github.com/freedombox/Plinth/issues/759 2) https://github.com/freedombox/Plinth/issues/760 -- Sunil
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss