[CentOS] Iptables questions

Tue Aug 10 20:58:01 UTC 2010
kalinix <calin.kalinix.cosma at gmail.com>

On Tue, 2010-08-10 at 16:30 -0400, Bob Hoffman wrote:
> Hello,
> 
> I have read and seen many options for additions to Iptables as a firewall
> and security system. All seem to react to logs and not to incoming packets
> (as far as I have seen)
> 
> I am interested in doing a number of security ideas to the firewall,
> iptables, on my webserver. If you have a program you would suggest or
> believe iptables is the proper solution, please feel free to post that.
> 
> Here are some of the things I would like to do 
> 
> 1) I have switched my SSH to a different port. I would like to still check
> for anyone trying to hit the old port 22 and log them. At the same time add
> them to a reject/ban for a certain period of time, let's say 1 day.
> 
> 2) there are certain apache hacks (like things that include ../) that I
> would prefer to stop at the firewall. I would also like to log these
> attempts and begin a reject/ban for a certain period of time. Or just log
> until I figure out the best way to safely ban.
> 
> 3) There are common script kiddie hacks that look for certain files 1
> million times a day. I would like to either look for them in the incoming
> packets, log, and ban. Or I would like to be able to use my own php program
> to route them out and then add to a ban list that iptables can use.
> 
> 
> These are just some of the things I am looking at doing. I also want to
> start a ban list for mail packets too; why bog down sendmail when I know
> what they are?
> 
> 
> I realize some things might be done via programs like fail2ban (like my php
> program making a list) but others would be better at the firewall as active
> reaction security measures.
> 
> 
> Any input kindly accepted. 
> 
> Thank you for any help or ideas.
> 
> 
> Bob
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

OSSEC

http://www.ossec.net/


Not exactly 'real-time', though, as it has to parse the logs.

-- 


Calin

Key fingerprint = 37B8 0DA5 9B2A 8554 FB2B 4145 5DC1 15DD A3EF E857

=================================================
Putt's Law: Technology is dominated by two types of people: Those who
understand what they do not manage. Those who manage what they do not
understand.
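
Point 1 of the quoted question, probes of the old port 22, can be handled inside iptables itself, without the log-parsing delay noted for OSSEC, using the kernel's `recent` match. The script below is an added example and not code from either poster; the admin address 192.0.2.10, the chain name PORT22_BAN, the list name port22 and the 86400-second (one day) figure are placeholders chosen here.

```shell
#!/bin/sh
# Added example, not code from either poster: log connection attempts to the
# old SSH port 22 and drop everything from the probing host for one day, done
# inside iptables with the "recent" match (no log parsing involved).
#
# Assumptions (placeholders chosen here, not from the thread): the admin's own
# address is 192.0.2.10, the ban lasts 86400 s, and the chain name PORT22_BAN
# and list name "port22" are ours. SSH itself listens on some other port.

IPT="${IPT:-iptables}"            # set IPT=echo to print the rules instead of loading them
ADMIN_IP="${ADMIN_IP:-192.0.2.10}"
BAN_SECONDS="${BAN_SECONDS:-86400}"
LIST="port22"                     # entries appear in /proc/net/xt_recent/port22

port22_guard_rules() {
    # A dedicated chain: it can be flushed and reloaded without touching INPUT.
    "$IPT" -N PORT22_BAN 2>/dev/null || true
    "$IPT" -F PORT22_BAN

    # Never ban the management address, even if it hits port 22 by mistake.
    "$IPT" -A PORT22_BAN -s "$ADMIN_IP" -j RETURN

    # 1. A host already in the list and seen within BAN_SECONDS: refresh its
    #    timestamp and drop the packet, whatever port it is aimed at. This
    #    rule comes first so the ban covers all traffic, not just port 22.
    "$IPT" -A PORT22_BAN -m recent --name "$LIST" --update --seconds "$BAN_SECONDS" -j DROP

    # 2. Log the first packet of each new connection to port 22, rate-limited
    #    so a scanner cannot flood /var/log/messages. LOG does not terminate,
    #    so the packet continues to the next rule.
    "$IPT" -A PORT22_BAN -p tcp --dport 22 -m state --state NEW \
        -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "PORT22-PROBE: "

    # 3. Put the source into the list (starting its ban) and drop the packet.
    "$IPT" -A PORT22_BAN -p tcp --dport 22 -m state --state NEW \
        -m recent --name "$LIST" --set -j DROP

    # Hook the chain in at the top of INPUT; remove any earlier hook first so
    # re-running the script does not add duplicates.
    "$IPT" -D INPUT -j PORT22_BAN 2>/dev/null || true
    "$IPT" -I INPUT 1 -j PORT22_BAN
}

# Number of rules that land in the dedicated chain (dry run, nothing is loaded).
port22_guard_rule_count() {
    IPT=echo port22_guard_rules | grep -c -- '-A PORT22_BAN'
}

case "${1:-}" in
    apply) port22_guard_rules ;;             # load the rules
    show)  IPT=echo port22_guard_rules ;;    # print them without loading
esac
```

Run it as `sh port22-guard.sh show` to print the rules and `sh port22-guard.sh apply` to load them (the file name is ours). Two caveats: the recent module keeps at most 100 addresses per list by default (module parameter ip_list_tot; raise it under /etc/modprobe.d if scanners fill the list), and the current list can be inspected or cleared through /proc/net/xt_recent/port22 (ipt_recent on older kernels). Points 2 and 3 ask for inspection of HTTP request content; iptables' string match only sees one plaintext packet at a time, so those are better served by a log-driven tool (fail2ban, as the poster mentions, or OSSEC) feeding addresses into a chain like the one above.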