Re: [nlug] fail2ban alternative for CentOS 7

2023-05-03 Thread John R. Dennison
On Wed, May 03, 2023 at 07:22:28PM -0500, Michael L wrote:
> google search yielded:
> "By default, fail2ban works with iptables. However,
> *this has been deprecated in favor of the firewalld*".

fail2ban is available in EPEL for EL7:

yum --enablerepo=extras install epel-release
yum --enablerepo=epel install fail2ban-server fail2ban-sendmail fail2ban-systemd

Configure as necessary and then enable and start with:

systemctl enable fail2ban.service
systemctl start fail2ban.service

> I have a 29 character root password and will lengthen the other sudo
> passwords.  I hope to be rid of this CentOS 7 system soon, but until then
> it's best to install an additional roadblock to the brute force login
> attempts.

Move sshd to another port; it does nothing to heighten security but it
will reduce log / alert volume by more than a bit.





John

-- 
In view of the fact that God limited the intelligence of man, it seems
unfair that he did not also limit his stupidity.

-- Konrad Hermann Josef Adenauer (1876-1967), West German Chancellor from
   1949-1963, as quoted in Through Russian Eyes: President Kennedy's 1036
   Days (1973) by Anatoli-Andreevich Gromyko

-- 
-- 
You received this message because you are subscribed to the Google Groups 
"NLUG" group.
To post to this group, send email to nlug-talk@googlegroups.com
To unsubscribe from this group, send email to 
nlug-talk+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/nlug-talk?hl=en

--- 
You received this message because you are subscribed to the Google Groups 
"NLUG" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to nlug-talk+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/nlug-talk/20230504003823.GC24663%40elros.gerdesas.com.
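
A minimal /etc/fail2ban/jail.local for the "configure as necessary" step above, as an added example that is not part of the original thread. It assumes fail2ban's firewallcmd-ipset ban action for firewalld, the journal backend that the fail2ban-systemd package is for, and a constructed alternate sshd port of 2222; the thresholds are illustrative values.

```ini
# /etc/fail2ban/jail.local
# Added example: local overrides; jail.conf itself stays untouched so
# package updates do not clobber these settings.

[DEFAULT]
# Never ban loopback. Add your own management addresses here.
ignoreip = 127.0.0.1/8 ::1

# Ban through firewalld rather than raw iptables rules.
# firewallcmd-ipset needs the ipset package installed.
banaction = firewallcmd-ipset

# Read sshd failures from the systemd journal instead of a log file.
backend = systemd

# Illustrative thresholds: 5 failures within 10 minutes earns a 1 hour ban.
maxretry = 5
findtime = 600
bantime = 3600

[sshd]
enabled = true
# Must match the Port directive in /etc/ssh/sshd_config. 2222 is a
# constructed value for an sshd that has been moved off port 22; if sshd
# is still on the default port, use "port = ssh" instead.
port = 2222
```

After restarting the service, `fail2ban-client status sshd` reports the jail's current failure and ban counts.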




Re: [nlug] fail2ban alternative for CentOS 7

2023-05-05 Thread Thomas Bartkus
John R. Dennison said:
>> Move sshd to another port; it does nothing to heighten security but it
>> will reduce log / alert volume by more than a bit.

Yes.  Moving to an odd port dramatically cuts the number of pwd attacks.
And I would call that increased security.

On Wednesday, May 3, 2023 at 7:38:29 PM UTC-5 John R. Dennison wrote:

> On Wed, May 03, 2023 at 07:22:28PM -0500, Michael L wrote:
> > google search yielded:
> > "By default, fail2ban works with iptables. However,
> > *this has been deprecated in favor of the firewalld" . *
>
> fail2ban is available in EPEL for EL7:
>
> yum --enablerepo=extras install epel-release
> yum --enablerepo=epel install fail2ban-server fail2ban-sendmail fail2ban-systemd
>
> Configure as necessary and then enable and start with:
>
> systemctl enable fail2ban.service
> systemctl start fail2ban.service
>
> > I have a 29 character root password and will lengthen the other sudo
> > passwords. I hope to be rid of this CentOS 7 system soon, but until then
> > it's best to install an additional roadblock to the brute force login
> > attempts.
>
> Move sshd to another port; it does nothing to heighten security but it
> will reduce log / alert volume by more than a bit.
>
>
>
>
>
> John
>
> -- 
> In view of the fact that God limited the intelligence of man, it seems
> unfair that he did not also limit his stupidity.
>
> -- Konrad Hermann Josef Adenauer (1876-1967), West German Chancellor from
> 1949-1963, as quoted in Through Russian Eyes: President Kennedy's 1036
> Days (1973) by Anatoli-Andreevich Gromyko
>



Re: [nlug] fail2ban alternative for CentOS 7

2023-05-05 Thread John R. Dennison
On Fri, May 05, 2023 at 10:16:59AM -0700, Thomas Bartkus wrote:
> 
> Yes.  Moving to an odd port dramatically cuts the number of pwd attacks.
> And I would call that increased security.

Security through obscurity does not work :)  This is merely a method to
reduce alert & log volume so one can concentrate on more important
matters.  You will find that persistent pests will find the alternate
port and start probing but the automated skiddies will go on to
lower-hanging fruit.





John
-- 
Engineer (n): Someone who does precision guesswork based upon unreliable
  data provided by those of questionable knowledge".

- short-bike - Libera.Chat



Re: [nlug] fail2ban alternative for CentOS 7

2023-05-05 Thread THOMAS BARTKUS
>> Security through obscurity does not work :)

That's a canard. It would be more accurate to say that it is not enough. And it 
isn't. But anything that prevents a significant number of hack attempts is 
helpful. So one should strive for obscurity. Just because there are "persistent 
pests" out there doesn't mean you should make it easier for them.

> On 05/05/2023 3:44 PM John R. Dennison  wrote:
> 
>  
> On Fri, May 05, 2023 at 10:16:59AM -0700, Thomas Bartkus wrote:
> > 
> > Yes.  Moving to an odd port dramatically cuts the number of pwd attacks.
> > And I would call that increased security.
> 
> Security through obscurity does not work :)  This is merely a method to
> reduce alert & log volume so one can concentrate on more important
> matters.  You will find that persistent pests will find the alternate
> port and start probing but the automated skiddies will go on to
> lower-hanging fruit.
> 
> 
> 
> 
> 
>   John
> -- 
> Engineer (n): Someone who does precision guesswork based upon unreliable
>   data provided by those of questionable knowledge".
> 
> - short-bike - Libera.Chat
> 



Re: [nlug] fail2ban alternative for CentOS 7

2023-05-05 Thread Kent Perrier
On Fri, May 5, 2023 at 12:17 PM Thomas Bartkus 
wrote:

> John R. Dennison said:
> >> Move sshd to another port; it does nothing to heighten security but it
> >> will reduce log / alert volume by more than a bit.
>
> Yes.  Moving to an odd port dramatically cuts the number of pwd attacks.
> And I would call that increased security.
>

Moving to 2FA would be the better move.



Re: [nlug] fail2ban alternative for CentOS 7

2023-05-06 Thread John R. Dennison
On Fri, May 05, 2023 at 05:00:14PM -0500, THOMAS BARTKUS wrote:
> 
> That's a canard. It would be more accurate to say that it is not
> enough. And it isn't. But anything that prevents a significant number
> of hack attempts is helpful. So one should strive for obscurity. Just
> because there are "persistent pests" out there doesn't mean you should
> make it easier for them.

After playing the game for 40+ years I stand by my statement.





John

-- 
He may be mad, but there's method in his madness.  There nearly always is
method in madness.  It's what drives men mad, being methodical.

-- G. K. Chesterton, The Fad of the Fisherman (1922)



Re: [nlug] fail2ban alternative for CentOS 7

2023-05-09 Thread Vincent Brown
I hear good things about CrowdSec - The open-source & collaborative IPS.
It's like fail2ban but the users share attackers' IP addresses with each
other so if a hacker tries to break into another user before coming to your
IP, they won't even be able to connect to you to try attacking you.

Also, consider https://almalinux.org/ as a CentOS replacement.

On Saturday, May 6, 2023 at 6:20:37 AM UTC-5 John R. Dennison wrote:

> On Fri, May 05, 2023 at 05:00:14PM -0500, THOMAS BARTKUS wrote:
> > 
> > That's a canard. It would be more accurate to say that it is not
> > enough. And it isn't. But anything that prevents a significant number
> > of hack attempts is helpful. So one should strive for obscurity. Just
> > because there are "persistent pests" out there doesn't mean you should
> > make it easier for them.
>
> After playing the game for 40+ years I stand by my statement.
>
>
>
>
>
> John
>
> -- 
> He may be mad, but there's method in his madness. There nearly always is
> method in madness. It's what drives men mad, being methodical.
>
> -- G. K. Chesterton, The Fad of the Fisherman (1922)
>
