On Tue, 2010-08-10 at 16:30 -0400, Bob Hoffman wrote: > Hello, > > I have read and seen many options for additions to Iptables as a firewall > and security system. All seem to react to logs and not to incoming packets > (as far as I have seen) > > I am interested in doing a number of security ideas to the firewall, > iptables, on my webserver. If you have a program you would suggest or > believe iptables is the proper solution, please feel free to post that. > > Here are some of the things I would like to do > > 1) I have switched my SSH to a different port. I would like to still check > for anyone trying to hit the old port 22 and log them. At the same time add > them to a reject/ban for a certain period of time, lets say 1 day. > > 2) there are certain apache hacks (like things that include ../) that I > would prefer to stop at the firewall. I would also like to log these > attempts and begin a reject/ban for a certain period of time. Or just log > until I figure out the best way to safely ban. > > 3) There are common script kiddie hacks that look for certain files 1 > million times a day. I would like to either look for them in the incoming > packets, log, and ban. Or I would like to be able to use my own php program > to route them out and then add to a ban list that iptables can use. > > > These are just some of the things I am looking at doing. I also want to > start a ban list for mail packets too, why bog down sendmail when I know > what they are? > > > I realize some things might be done via programs like fail2ban (like my php > program making a list) but others would be better at the firewall as active > reaction security measures. > > > Any input kindly accepted. > > Thank you for any help or ideas. > > > Bob > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos OSSEC http://www.ossec.net/ not exactly 'real-time', though, as it has to parse the logs. -- Calin Key fingerprint = 37B8 0DA5 9B2A 8554 FB2B 4145 5DC1 15DD A3EF E857 ================================================= Putt's Law: Technology is dominated by two types of people: Those who understand what they do not manage. Those who manage what they do not understand.