Displaying 20 results from an estimated 10000 matches similar to: "Simple way to banish IP addresses ?"
2009 Nov 04
7
Who's eating our bandwidth?
Hi,
I've recently setup a new server for our public libraries. For the last
two years, this has been my first "big" job, since it involves
networking eleven small to medium size public libraries.
There was a hiccup some time ago when the administration hiring me
wanted to do it on their own, but it took them less than two weeks to
get the server hacked and lose everything. So
2009 Aug 20
5
protecting multiuser systems from bruteforce ssh attacks
Hello,
What is the best way to protect multiuser systems from brute force
attacks? I am setting up a relatively loose DenyHosts policy, but I
like the idea of locking an account for a time if too many attempts
are made, but to balance this with keeping the user from making a
helpdesk call.
What are some policies/techniques that have worked for this list with
minimal hassle?
Thanks!
-Eugene
2006 Aug 30
3
No tcp wrappers, other ideas to help stop brute force attacks?
I'm looking for a way to deny access to dovecot from certain IP
addresses, basically to help prevent brute force attacks on the
server.
Right now I'm using denyhosts which scans /var/log/secure for
authentication failures which then can add an entry to
/etc/hosts.deny, but since dovecot doesn't have tcp wrappers support,
that doesn't do anything.
It doesn't look like I can
2011 Apr 04
6
sshd: Authentication Failures: 137 Time(s)
Hi,
to prevent scripted dictionary attacks to sshd
I applied those iptables rules:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent
--update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set
--name SSH --rsource
And this is part of logwatch:
sshd:
Authentication Failures:
unknown
2020 Feb 13
3
CentOS 7, Fail2ban and SELinux
Hi,
I'm running CentOS 7 on an Internet-facing server. SELinux is in permissive
mode for debugging. I've removed FirewallD and replaced it with a custom-made
Iptables script. I've also installed and configured Fail2ban (fail2ban-server
package) to protect the server from brute force attacks.
Out of the box, Fail2ban doesn't seem to play well with SELinux. Here's what I
2011 Nov 30
12
duqu
There's an article on slashdot about the Duqu team wiping all their
intermediary c&c servers on 20 Oct. Interestingly, the report says that
they were all (?) not only linux, but CentOS. There's a suggestion of a
zero-day exploit in openssh-4.3, but both the original article, and
Kaspersky labs (who have a *very* interesting post of the story) consider
that highly unlikely, and the
2019 Mar 07
3
Ask for advice on exact requirements to fix #699 mixed CJK numbers
I am working on "#699 Better tokenisation of mixed CJK numbers",
and have implemented a partial patch of Chinese for this ticket.
Current code works well with special test cases and
all tests in xapian-core could still pass.
But I'm confused with exact requirements of the question,
for how much we could pay with performance on enabling more cases,
and if there are better methods to
2010 Feb 02
6
Display a warning message at a certain time ?
Hi,
I'm currently installing a CentOS 5 desktop as a public internet access
point. The machine shuts down every day automatically at 22:30. Is there
a way I can display a message in GNOME at 22:15 warning the user that
the machine will shutdown in 15 minutes ?
Any suggestions ?
Niki Kovacs
2008 Nov 28
6
How to delay failed ssh auth
Hi!
I need to delay failed ssh password authentication as an additional
measure against brute force ssh attacks. I understand, that shoud be
accomplished through pam, but googling gave me no example. I have CentOS
5.2.
--
Veiko Kukk
2015 Feb 18
3
CentOS 7: software RAID 5 array with 4 disks and no spares?
Le 18/02/2015 09:24, Michael Volz a ?crit :
> Hi Niki,
>
> md127 apparently only uses 81.95GB per disk. Maybe one of the partitions has the wrong size. What's the output of lsblk?
[root at nestor:~] # lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 232,9G 0 disk
??sda1 8:1 0 3,9G 0 part
? ??md126 9:126 0 3,9G 0 raid1 [SWAP]
??sda2 8:2
2015 Mar 11
3
SquidAnalyzer: minor trouble building RPM
Hi,
I'm using the SquidAnalyzer network analysis tool in combination with
Squid. Up until now, I've been running Slackware Linux on my servers. I
built a custom package that installs SquidAnalyzer to
/var/www/vhosts/squidreport/html. Then I setup an Apache virtual host
for SquidAnalyzer's pages.
Since I'm migrating my servers from Slackware to CentOS, I'd like to
build a
2015 Feb 27
5
Package group "X Window System" has disappeared
Hi,
Until last week, I could install a CentOS 7 based desktop using the
following approach:
1. Install minimal system.
2. yum groupinstall "X Window System"
3. yum install gdm gnome-classic-session gnome-terminal liberation-fonts
4. Install applications as needed.
This morning, the package group "X Window System" seems to have
disappeared. This is embarrassing.
What
2008 Jul 21
20
Ideas for stopping ssh brute force attacks
just wanted to get some feedback from the community. Over the last few
days I have noticed my web server and email box have attempted to ssh'd to
using weird names like admin,appuser,nobody,etc.... None of these are
valid users. I know that I can block sshd all together with iptables but
that will not work for us. I did a little research on google and found
programs like sshguard and
2009 Sep 20
4
Testing and using a microphone
Hi,
What's the most simple way to check if my microphone works on a plain
CentOS 5.3 desktop? Is there a simple way, for example, to record voice
into a simple .wav file?
Niki
2015 Feb 03
6
Another Fedora decision
On Tue, Feb 3, 2015 at 2:03 PM, Always Learning <centos at u64.u22.net> wrote:
>
> Nothing wrong with letting "an expert" preconfigure the system and then,
> after installation, the SysAdmin checking to ensure all the settings
> satisfy the SysAdmin's requirements.
>
I'd just rather see them applying their expertise to actually making
the code resist
2008 Mar 25
16
Securing SSH
So I setup ssh on a server so I could do some work from home and I think
the second I opened it every sorry monkey from around the world has been
trying every account name imaginable to get into the system.
What's a good way to deal with this?
2009 Nov 25
8
Docx format ?
Hi,
Is there any way I can read a .docx file on my CentOS desktop ?
Cheers,
Niki
2009 Jul 03
3
Remote identity management
Hi,
Until now, I've only managed local user management on small network with
no more than five or six machines, e. g. all user data stored locally on
each and every machine (/etc/passwd, /etc/shadow, /etc/group). Now I'd
like to learn remote identity management, that is, all user data stored
centrally on one machine (so I don't have to wonder who has which UID
and GID when I want
2015 Feb 09
3
Recommendations for good CentOS 7 documentation
Hi,
I'm looking for recommendations for documentation about the
specificities of RHEL/CentOS 7.x. It can be either online or in printed
book format, and I'm fluent in german, french and english.
I have a good books about 5.x: "RHEL 5 Unleashed" from Sams,
"Foundations of CentOS Linux" and "The Definitive Guide to CentOS", both
from Apress.
Can anyone
2008 Sep 14
5
Slackware's 'explodepkg' equivalent for rpm?
Hi,
Is there any 'explodepkg' equivalent for the rpm command? What I want is
simply uncompress an RPM package to get the files directly, but I didn't
find anything in rpm's manpage.
Cheers,
Niki Kovacs