Stefan,

Exactly right. It does have hooks for some IMAP clients (see http://www.sshguard.net/docs/reference/attack-signatures/), but I haven't tested them. I suspect that they will work since these messages shouldn't be modified for OpenIndiana.

I reported the changes I made to the sshguard team, but I haven't heard back from them, so I expect that Solaris/OpenIndiana support is not high on their priority list. :(

The executable is only around 400k on my system (not stripped) and I've never even seen it in top/prstat.

Gary

On 01/15/2014 09:20 AM, Stefan Müller-Wilken wrote:
Hi Gary,

I haven't looked at sshguard so far and it is definitely worth a look. 
'Lightweight' sounds quite attractive. :-) Ultimately I'd also like to secure 
IMAP (I haven't dared open it to the world because of the missing dictionary 
attack protection) etc., but maybe that's a second step. So, if I understand you 
right, sshguard currently requires manual installation but will work as a 
first-class SMF citizen afterwards?

Cheers
  Stefan

________________________________________
From: Gary Gendel [g...@genashor.com]
Sent: Wednesday, 15 January 2014 14:30
To: openindiana-discuss@openindiana.org
Subject: Re: [OpenIndiana-discuss] denyhosts IPS package?

On 01/15/2014 07:54 AM, Stefan Müller-Wilken wrote:
Hi there,

is there a denyhosts package available? I'd like to more effectively ban 
dictionary attackers from my systems and, looking at 
https://www.illumos.org/issues/228#note-8, a package was at least in discussion.

@Ken: can you comment on this?

Cheers
   Stefan.

________________________________
Acando GmbH, Millerntorplatz 1, 20359 Hamburg, Germany | Managing Director: Guido 
Ahle | Amtsgericht Hamburg, HRB 76048 | VAT ID No.: DE208833022
_______________________________________________
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss
Stefan,

Assuming you use ssh for remote login then I have updated sshguard so it
works on OpenIndiana.  It will monitor log files to identify attacks and
then use ipfilter to block them.  I had to change the check for ssh
invalid password to properly match OpenIndiana/Solaris ssh messages and
updated the ipfilter insertion statement to match my ipfilter setup
(specify which interface and add "group" tag). I also put together a
rudimentary SMF file to make it a proper service.

I personally prefer sshguard over fail2ban because it is so
lightweight.  Once it started blocking brute force attacks on my server
(which was often) they suddenly stopped.  Sshguard also can do the same
for various MTA and other application logins but ssh is the only one
I've tested.  Let me know if you want what I've done.

Gary
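
An added example (not sshguard's code and not Gary's changes) of the approach described in this thread: match failed ssh logins in a Solaris-style auth log and emit an ipfilter block rule that names the interface and the group. The message pattern, the sample log lines, the interface `e1000g0`, group `100` and the three-failures-in-five-minutes threshold are all assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed shape of Solaris/OpenIndiana sshd failure messages (not sshguard's own
# pattern). Anchored at end of line so only the address sshd logged is captured.
FAIL_RE = re.compile(
    r"sshd\[\d+\]: \[ID \d+ auth\.\w+\] "
    r"Failed (?:password|keyboard-interactive|none) for "
    r"(?:<invalid username>|\S+) from (\S+) port \d+ ssh2$"
)

# Constructed sample lines; addresses come from documentation ranges.
SAMPLE_LOG = """\
Jan 15 09:01:02 host sshd[1201]: [ID 800047 auth.info] Failed keyboard-interactive for <invalid username> from 203.0.113.7 port 40112 ssh2
Jan 15 09:01:05 host sshd[1201]: [ID 800047 auth.notice] Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 15 09:01:09 host sshd[1204]: [ID 800047 auth.info] Failed password for admin from 203.0.113.7 port 40120 ssh2
Jan 15 09:02:00 host sshd[1210]: [ID 800047 auth.info] Accepted publickey for alice from 198.51.100.4 port 51000 ssh2
Jan 15 09:03:00 host sshd[1215]: [ID 800047 auth.info] Failed password for alice from 198.51.100.4 port 51010 ssh2
Jan 15 09:20:00 host sshd[1300]: [ID 800047 auth.info] Failed password for alice from 198.51.100.4 port 51200 ssh2
""".splitlines()

def parse_time(line, year=2014):
    # Classic syslog timestamps carry no year, so one is supplied.
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")

def block_rules(lines, iface, group, threshold=3, window=timedelta(minutes=5), allow=frozenset()):
    """Return one ipfilter rule per source with `threshold` failures inside `window`."""
    recent, blocked, rules = defaultdict(deque), set(), []
    for line in lines:
        m = FAIL_RE.search(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.IPv4Address(m.group(1)))
        except ValueError:
            continue  # hostname or malformed address: never emit it into a rule
        if ip in allow or ip in blocked:
            continue  # allow-listed sources are never blocked; blocked ones only once
        now, hits = parse_time(line), recent[ip]
        hits.append(now)
        while now - hits[0] > window:
            hits.popleft()  # forget failures older than the window
        if len(hits) >= threshold:
            blocked.add(ip)
            rules.append(f"block in quick on {iface} from {ip}/32 to any group {group}")
    return rules
```

Calling `block_rules(SAMPLE_LOG, iface="e1000g0", group=100)` yields a single rule for 203.0.113.7; the two failures from 198.51.100.4 are 17 minutes apart and never accumulate inside the window.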

