On Tue, 2010-08-10 at 16:30 -0400, Bob Hoffman wrote:
Hello,
I have read and seen many options for additions to iptables as a firewall and security system. All seem to react to logs and not to incoming packets (as far as I have seen).
I am interested in implementing a number of security ideas on the firewall, iptables, on my web server. If you have a program you would suggest or believe iptables is the proper solution, please feel free to post that.
Here are some of the things I would like to do:
- I have switched my SSH to a different port. I would like to still check for anyone trying to hit the old port 22 and log them. At the same time, add them to a reject/ban for a certain period of time, let's say 1 day.
- There are certain Apache hacks (like things that include ../) that I would prefer to stop at the firewall. I would also like to log these attempts and begin a reject/ban for a certain period of time. Or just log until I figure out the best way to safely ban.
- There are common script kiddie hacks that look for certain files 1 million times a day. I would like to either look for them in the incoming packets, log, and ban. Or I would like to be able to use my own PHP program to route them out and then add them to a ban list that iptables can use.
These are just some of the things I am looking at doing. I also want to start a ban list for mail packets too; why bog down sendmail when I know what they are?
I realize some things might be done via programs like fail2ban (like my php program making a list) but others would be better at the firewall as active reaction security measures.
Any input kindly accepted.
Thank you for any help or ideas.
Bob
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
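One way to do the old-port-22 part of the request above purely in iptables, using the `recent` match so the reaction happens on the packet rather than on a log line. This is an added illustration, not something posted in the thread; the list name `sshban`, the one-day timer and the `IPT` override (so the rules can be previewed with `IPT=echo` without root) are assumptions.

```shell
#!/bin/sh
# Added example: drop, for one day, any host that sends a SYN to the old SSH
# port, log the first hit, and expose the ban list so a local program can
# feed it. Assumptions (not from the thread): list name "sshban", IPT override.
IPT="${IPT:-iptables}"
OLD_SSH_PORT="${OLD_SSH_PORT:-22}"
BAN_SECONDS="${BAN_SECONDS:-86400}"   # one day, as asked for in the thread
LIST="${LIST:-sshban}"

install_rules() {
    # Rule 1 must sit before any ACCEPT rules: an address already on the list
    # is dropped until BAN_SECONDS after the hit that put it there. --rcheck
    # leaves the timer alone; --update would extend the ban on every packet.
    "$IPT" -A INPUT -m recent --name "$LIST" --rcheck --seconds "$BAN_SECONDS" -j DROP
    # Rule 2 records the source of a new SYN to the old port and logs it
    # (LOG is non-terminating, so the packet goes on to rule 3).
    "$IPT" -A INPUT -p tcp --dport "$OLD_SSH_PORT" --syn \
        -m recent --name "$LIST" --set -j LOG --log-prefix "OLDSSH_PROBE "
    "$IPT" -A INPUT -p tcp --dport "$OLD_SSH_PORT" --syn -j DROP
    # Note: the recent list holds ip_list_tot entries (module default 100);
    # raise the xt_recent module parameter if many distinct probers appear.
}

# The same list is visible under /proc, so a local program (for example the
# PHP script mentioned in the thread) can ban an address without adding rules.
recent_proc_path() {
    if [ -d /proc/net/xt_recent ]; then
        echo "/proc/net/xt_recent/$LIST"     # kernels 2.6.28 and later
    else
        echo "/proc/net/ipt_recent/$LIST"    # older kernels
    fi
}

ban_ip() {
    # "+addr" adds (or refreshes) an entry, "-addr" removes one, "/" clears all.
    echo "+$1" > "$(recent_proc_path)"
}
```

Run `install_rules` as root once the rules are in the right place relative to the existing ACCEPTs; banned hosts lose all access, not just SSH, which is the reject/ban behaviour the post asks for.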
OSSEC
Not exactly 'real-time', though, as it has to parse the logs.