[CentOS] Intrusion Detection Systems
Stephen John Smoogen
smooge at gmail.com
Wed Sep 26 22:05:08 UTC 2007
On 9/26/07, John Hinton <webmaster at ew3d.com> wrote:
> Situation: We are providing hosting services.
>
> I've grown tired of the various kiddie scripts/dictionary attacks on
> various services. The latest has been against vsftpd, on systems that I
> can't easily control vs. putting strict limits on ssh. We simply have
> too many users entering from too many networks many with dynamic IP
> addresses.
>
> Enter.... thinking about LIDS or Log Based Intrusion Detection.
>
> I've run across four systems.
>
> Blockhosts, DenyHosts, fail2ban and OSSEC.
>
> DenyHosts apparently only works with ssh, so I've discounted using that.

denyhosts will work with anything that uses tcp_wrappers. You can futz
it to work with ssh, vsftpd, etc. However beyond that I can't be of
much help at the moment. I would say go with multiple layers as much
as possible.

--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
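
The tcp_wrappers approach mentioned in the reply above, as an added example that is not part of the original message and is not DenyHosts code: a log-based check that counts failed vsftpd logins per client and produces hosts.deny lines for the vsftpd daemon. It assumes vsftpd's own log format, `tcp_wrappers=YES` in vsftpd.conf, and IPv4 clients; the sample log, the threshold, the allow list and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in vsftpd's own log format; the addresses are
# documentation ranges, not real hosts.
SAMPLE_LOG = """\
Wed Sep 26 21:58:01 2007 [pid 4101] [admin] FAIL LOGIN: Client "203.0.113.7"
Wed Sep 26 21:58:03 2007 [pid 4103] [root] FAIL LOGIN: Client "203.0.113.7"
Wed Sep 26 21:58:04 2007 [pid 4105] [alice] OK LOGIN: Client "198.51.100.20"
Wed Sep 26 21:58:06 2007 [pid 4107] [test] FAIL LOGIN: Client "203.0.113.7"
Wed Sep 26 21:59:10 2007 [pid 4120] [bob] FAIL LOGIN: Client "198.51.100.20"
Wed Sep 26 21:59:40 2007 [pid 4122] [bob] OK LOGIN: Client "198.51.100.20"
"""

# The user field is client-supplied text, so the pattern is anchored at both
# ends and the user group is greedy: the address taken is always the one the
# daemon wrote at the end of the line, never one embedded in a username.
FAIL_RE = re.compile(
    r'^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} \[pid \d+\] '
    r'\[(?P<user>.*)\] FAIL LOGIN: Client "(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"$'
)

def failed_logins(log_text):
    """Count FAIL LOGIN events per client address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            counts[m.group("ip")] += 1
    return counts

def deny_entries(log_text, threshold=3, daemon="vsftpd", allow=()):
    """Return hosts.deny lines ("daemon: address") for clients at or over
    the threshold. Addresses in `allow` (hypothetical allow list, e.g. an
    office NAT address) are never emitted."""
    counts = failed_logins(log_text)
    return [
        f"{daemon}: {ip}"
        for ip, n in sorted(counts.items())
        if n >= threshold and ip not in allow
    ]

if __name__ == "__main__":
    for entry in deny_entries(SAMPLE_LOG):
        print(entry)
```

The same entry format with `sshd` as the daemon name covers ssh, which is what makes one hosts.deny file usable for several wrapped services.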