help? fighting ssh user/password guessing attempts
In my /var/log/authlog I can see many hackers attempting to get access to
my system by trying arbitrary usernames. First of all I have disabled
password authentication so valid users can only login with a key. Still I'd
like to lock the respective hosts out, from where these attacks originate.
My research has brought up several programs / daemons that parse the
authlog file at certain time intervals and adjust the firewall
accordingly. Among them are fail2ban, denyhost, OSsec, and blockhosts.
I've also found PAM-af, which is available through pkgsrc
http://www.netbsd.org/packages/security/pam-af. If I understand correctly,
this hooks immediately into the authentication framework and can repel
attacks at the place where they get detected first. Although I have read
Chapter 17 of the NetBSD Guide
http://www.netbsd.org/docs/guide/en/chap-pam.html I don't really
understand it. What config files do I have to modify, and how? Is PAM and / or
a firewall (which? - PF, IPFilter, iptables) enabled by default?
I still need more assistance in setting PAM-af up. Can somebody please
help me or point out a howto? Does anybody have experience with PAM-af?
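
The log-parsing approach mentioned in the post above (scan the authlog, then hand repeat offenders to the firewall), sketched as an added example that is not part of the original message and is not code from any of the tools named. It assumes OpenSSH's usual syslog line format; the sample lines, the threshold, the window and the function name are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (documentation IP ranges), not taken from a real log.
SAMPLE_AUTHLOG = """\
Mar  3 04:10:01 host sshd[811]: Invalid user admin from 203.0.113.7
Mar  3 04:10:03 host sshd[813]: Invalid user test from 203.0.113.7 port 40112
Mar  3 04:10:04 host sshd[815]: Accepted publickey for alice from 192.0.2.20 port 50022 ssh2
Mar  3 04:10:06 host sshd[817]: Invalid user oracle from 203.0.113.7
Mar  3 04:25:00 host sshd[901]: Invalid user guest from 198.51.100.9
Mar  3 05:40:00 host sshd[950]: Invalid user guest from 198.51.100.9
Mar  3 06:55:00 host sshd[990]: Invalid user guest from 198.51.100.9
"""

# Matches sshd "Invalid user ..." and "Failed <method> for ..." lines and
# captures the syslog timestamp and the source address (IPv4 or IPv6).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Invalid user \S* from|Failed \S+ for (?:invalid user )?\S+ from) "
    r"(?P<ip>[0-9A-Fa-f.:]+)"
)

def hosts_to_block(log_text, threshold=3, window=timedelta(minutes=10), year=2000):
    """Return source addresses with >= threshold failures inside one window.

    Syslog timestamps carry no year, so one is assumed (2000 is a leap year,
    which lets Feb 29 parse); logs spanning New Year are not handled.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # successful logins and unrelated lines
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(m["ip"])
    return sorted(flagged)

if __name__ == "__main__":
    for ip in hosts_to_block(SAMPLE_AUTHLOG):
        print(ip)                 # candidates for a firewall block table
```

The sliding window is what keeps a host that mistypes once an hour from being treated like one that tries three names in five seconds.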