Three things you should do:
1. Run OSSEC HIDS (I do this on my servers as well as those at
http://www.greenesthost.com) with a firewall. In my case, we have
hardware (HW) firewalls on the network as well as software (SW)
firewalls on the local machine. The HW firewalls are configured to only
have those ports open that need to be open to the Internet (ssh, http,
https, ftp, etc). The software firewalls are either configured the same
way with additional ports open for internal network communication, or
are left generally wide open. OSSEC interfaces with the software
firewall to monitor intrusions and immediately block the offending IPs.
I also have it monitoring my mail logs in order to block spammers from
connecting at all. With OSSEC running, I don't even worry about
successful attacks on my servers. (http://www.ossec.net/,
http://ubuntuforums.org/showthread.php?t=213445)
2. Install mod_security in Apache. This will help block specific attacks
on your web server. (http://www.howtoforge.com/apache_mod_security)
3. Have sshd listen on a different port. This will get rid of 99% of ssh
attacks.
Hope this helps.
PGA
--
Paul G. Allen, BSIT/SE
Owner, Sr. Engineer
Random Logic Consulting
http://www.randomlogic.com
--
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
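
A simplified illustration of the monitor-and-block pattern described in item 1, added here as an example; it is not OSSEC's code and not part of the original message. The log lines are constructed, and the threshold, time window, allowlist and the iptables rule format are assumptions chosen for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
# Constructed sample sshd lines (documentation address ranges), not real logs.
SAMPLE_LOG = """\
Mar  3 10:00:01 web1 sshd[411]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:00:03 web1 sshd[412]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar  3 10:00:05 web1 sshd[413]: Failed password for root from 203.0.113.7 port 40144 ssh2
Mar  3 10:00:09 web1 sshd[414]: Failed password for paul from 192.0.2.10 port 51000 ssh2
Mar  3 10:00:10 web1 sshd[415]: Accepted publickey for paul from 192.0.2.10 port 51002 ssh2
Mar  3 10:07:00 web1 sshd[420]: Failed password for root from 198.51.100.9 port 33000 ssh2
Mar  3 10:20:00 web1 sshd[421]: Failed password for root from 198.51.100.9 port 33010 ssh2
Mar  3 10:40:00 web1 sshd[422]: Failed password for root from 198.51.100.9 port 33020 ssh2
"""
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                    r"(?:invalid user )?\S+ from (\S+) port \d+")

def find_offenders(log_text, threshold=3, window=timedelta(minutes=2),
                   allowlist=("192.0.2.0/24",), year=2024):
    """IPs with >= threshold failed logins inside a sliding window (assumed policy)."""
    trusted = [ip_network(n) for n in allowlist]
    recent, offenders = defaultdict(deque), []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        try:
            ip = ip_address(m.group(2))
        except ValueError:
            continue  # malformed address field: ignore rather than block on it
        if any(ip in net for net in trusted):
            continue  # never lock out admin/monitoring networks
        # syslog timestamps carry no year, so one is assumed
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()  # forget failures older than the window
        if len(hits) >= threshold and str(ip) not in offenders:
            offenders.append(str(ip))
    return offenders

def block_commands(ips):
    """Firewall rules to apply; returned as text, not executed."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]

if __name__ == "__main__":
    print("\n".join(block_commands(find_offenders(SAMPLE_LOG))))
```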