Robert Collins wrote:
Also, passwordauthentication no in sshd_config
is a very useful step ;)
-Rob
I've been using fail2ban for a while and hand rolled a script that runs
every fifteen minutes that:
a) grabs all the ip addresses from the fail2ban log
b) adds them to /etc/hosts.deny
c) copies them to the other machines on our network for addition to
/etc/fail.ban.
We run the same script on all the machines on our outer network that are
accessible from the net. They all cross-fertilise each other at
different times.
Not perfect but it's a start.
N/
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html