Re: [CentOS] Securing SSH

2008-03-28 Thread Trey Sizemore
On Fri Mar 28, 2008 07:47PM, Rudi Ahlers wrote:
 Ray Leventhal wrote:
 James A. Peltier wrote:
 Rudi Ahlers wrote:
 Tim Alberts wrote:
 So I set up ssh on a server so I could do some work from home and 
 I think the second I opened it every sorry monkey from around the 
 world has been trying every account name imaginable to get into 
 the system.

 What's a good way to deal with this?

 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos

 1. Change the default port
 2. Use only SSH protocol 2
 3. Install some brute force protection which can automatically ban  
 an IP on say 5 / 10 failed login attempts
 4. ONLY allow SSH access from your IP, if it's static. Or sign up 
 for a DynDNS account, and then only allow SSH access from your 
 DynDNS domain


 Fail2Ban is a good brute force protector.  It works in conjunction  
 with IPTables to block IPs that are attacking for a said duration  
 of time. :)


 I haven't used Fail2Ban, but I do like what I've been experiencing 
 with apf[1] and sim[2].  The Reactive Address Blocking (RAB) feature 
 in apf is a big timesaver, but I expect Fail2Ban has something 
 similar.  apf is basically an easier (for me, anyway) way of managing 
 iptables.  Manually banning an ip or block is as easy as adding it to 
 the deny_hosts.rules file and restarting apf.  RAB really helps, again 
 imo.


 HTH,
 -Ray
 [1] http://rfxnetworks.com/apf.php
 [2] http://rfxnetworks.com/sim.php

 Here's a quick howto for Suse10.3, but the principles stay the same.  
 Fail2Ban can be used for many other things as well, like FTP, MySQL,  
 SMTP, etc  :)


I don't see the how-to...

-- 
Cheers,
Trey

 
Adversity is the trial of principle.
Without it, a man hardly knows whether he is honest or not. 
 --Henry Fielding
 
Linux valkyrie 2.6.22.17-0.1-bigsmp i686 GNU/Linux
  2:21pm  up  19:37,  5 users,  load average: 0.68, 0.68, 0.65


[CentOS] 'service' command not present

2007-08-20 Thread Trey Sizemore
I just did an install of CentOS 5 on one of my machines.  However, when
I try to use the 'service' command (such as 'service httpd start') I get
an error that the service command is not found.

Why would that be?  Where does this command come from?  I can launch
the services just fine using the respective /etc/init.d/ entries.

-- 
Cheers,
Trey

 
Dieters live life in the fasting lane.
 
Linux fedora7.thesizemores.us 2.6.22.1-41.fc7 i686 GNU/Linux
 16:51:36 up 1 day,  5:56,  2 users,  load average: 0.08, 0.02, 0.01


Re: [CentOS] 'service' command not present

2007-08-20 Thread Trey Sizemore
On Mon Aug 20, 2007 04:57PM, Stephen Harris wrote:
 On Mon, Aug 20, 2007 at 04:54:11PM -0400, Trey Sizemore wrote:
  I just did an install of CentOS 5 on one of my machines.  However, when
  I try to use the 'service' command (such as 'service httpd start') I get
  an error that the service command is not found.
  
  Why would that be?  Where does this command come from?  I can launch
  the services just fine using the respective /etc/init.d/ entries.
 
 /sbin/service   (from initscripts)
 
 Either type the full command line or make sure it's on your PATH
 
 eg
 sudo /sbin/service httpd start
 
 

Thanks to both of you!  That did the trick.

-- 
Cheers,
Trey

 
I'D LIKE TO BE BURIED INDIAN-STYLE, where they put you up on a high rack,
above the ground.  That way, you could get hit by meteorites and not even
feel it.
-- Jack Handley, The New Mexican, 1988.
 
Linux fedora7.thesizemores.us 2.6.22.1-41.fc7 i686 GNU/Linux
 17:02:48 up 1 day,  6:07,  2 users,  load average: 0.00, 0.00, 0.00