similar to: Securing SSH wiki article outdated

On Fri, 2015-02-13 at 09:46 -0500, Lamar Owen wrote: > On 02/13/2015 09:15 AM, Chris Adams wrote: > > Yeah, the old "move stuff to alternate ports" thing is largely a waste > > of time and just makes it more difficult for legitimate use. With > > large bot networks and tools like zmap, finding services on alternate > > ports is not that hard for the

> On 12/02/15 20:03, Warren Young wrote: > > Hi, just a quick note to whoever is maintaining this page: > > > > http://wiki.centos.org/HowTos/Network/SecuringSSH > > > > The procedure is missing the firewall-cmd calls necessary in EL7: > > > > firewall-cmd --add-port 2345/tcp > > firewall-cmd --add-port 2345/tcp --permanent > > This

On 02/13/2015 05:41 AM, James Hogarth wrote: > This is horrible advice anyway. It's not a good idea to run SSH on a port > greater than 1024 since if a crash exploit is used to kill the process a > non-root trojan process faking SSH to gather credentials could then bind on > that port trivially totally compromising the system. This is where an SELinux policy on your server can

On Fri, February 13, 2015 9:05 am, Always Learning wrote: > > On Fri, 2015-02-13 at 09:46 -0500, Lamar Owen wrote: > >> On 02/13/2015 09:15 AM, Chris Adams wrote: >> > Yeah, the old "move stuff to alternate ports" thing is largely a waste >> > of time and just makes it more difficult for legitimate use. With >> > large bot networks and tools like

On 02/13/2015 09:15 AM, Chris Adams wrote: > Yeah, the old "move stuff to alternate ports" thing is largely a waste > of time and just makes it more difficult for legitimate use. With > large bot networks and tools like zmap, finding services on alternate > ports is not that hard for the "bad guys". Having SSH on 22 is lower-hanging fruit than having SSH on a

Always Learning wrote: > > On Fri, 2015-02-13 at 09:46 -0500, Lamar Owen wrote: > >> On 02/13/2015 09:15 AM, Chris Adams wrote: >> > Yeah, the old "move stuff to alternate ports" thing is largely a waste >> > of time and just makes it more difficult for legitimate use. With >> > large bot networks and tools like zmap, finding services on

Pete Biggs wrote: > On Mon, 2017-11-27 at 12:10 -0500, Jerry Geis wrote: >> hi All, >> >> I happened to login to one of my servers today and saw 96000 failed >> login attempts. shown below is the address its coming from. I added it to my >> firewall to drop. >> >> Failed password for root from 123.183.209.135 port 14299 ssh2 >> >> FYI -

On 12/02/15 20:03, Warren Young wrote: > Hi, just a quick note to whoever is maintaining this page: > > http://wiki.centos.org/HowTos/Network/SecuringSSH > > The procedure is missing the firewall-cmd calls necessary in EL7: > > firewall-cmd --add-port 2345/tcp > firewall-cmd --add-port 2345/tcp --permanent > > Also, it may be worth mentioning that semanage

On 12/02/15 20:03, Warren Young wrote: > Hi, just a quick note to whoever is maintaining this page: > > http://wiki.centos.org/HowTos/Network/SecuringSSH > > The procedure is missing the firewall-cmd calls necessary in EL7: > > firewall-cmd --add-port 2345/tcp > firewall-cmd --add-port 2345/tcp --permanent > > Also, it may be worth mentioning that semanage

In there you are almost telling people that security through obscurity is a good way. That might sometimes be true but in this case it could mean that you would be handing passwords and other data out. When you start SSH on port 22 it is done with root privileges because the root user is the only one that can use ports below 1024. Root is the only user that can listen to that port or do

On Fri, Feb 13, 2015 at 7:12 AM, Lamar Owen <lowen at pari.edu> wrote: > On 02/13/2015 05:41 AM, James Hogarth wrote: > > This is also why the Orange Book and its Rainbow kin exist (Orange Book = > 5200.28-STD, aka DoD Trusted Computer System Evaluation Criteria). > Should anyone care to learn from the Rainbow Books, they are available from the United States of America (USA)

HI all, 1st time contributor here. I was using the guide on securing SSH, and noticed that the firewall-cmd snippets for filtering by requests per time seem somewhat outdated. From what I can tell the given snippets, relay arguments directly down to iptables, and do not cover both IPv4 and v6. (and in fact when attempting to extend to v6 the firewall would fail to reload). I came up with an

Thank you, I've gone in and made the listed changes changed firewalld sections to use services instead of just port numbers. -- Kimee On Wed, 2019-04-24 at 17:05 -0700, Akemi Yagi wrote: > On Wed, Apr 24, 2019 at 12:13 AM Kimberlee Integer Model > <kimee.i.model at gmail.com> wrote: > > > > HI all, > > > > 1st time contributor here. I was using the

This was sent to me regarding the wiki. ---------- Forwarded message ---------- From: "Martin Kon??ek" <mkonicek12 at gmail.com> Date: Mar 7, 2013 4:44 AM Subject: mistake on Securing SSH To: <timothy.ty.lee at gmail.com> Cc: Hi TImothy, I saw wiki http://wiki.centos.org/HowTos/Network/SecuringSSH and it is pretty good, but there is a mistake. *Instead of having* iptables

I'm not sure I follow, you just think the modified one should be called "ssh-custom", or you think there shouldn't be a modified service file at all? -- Kimee On Fri, 2019-04-26 at 19:46 +0200, Thibaut Perrin wrote: > Hi there, > > Wouldn't that be a better solution to create a custom xml file to put > in /etc/firewalld and load that "ssh-custom"

Hola lista he estado trabajando el la traducci?n de la pagina de la wiki http://wiki.centos.org/HowTos/Network/SecuringSSH pues estuve hablando con Alain Reguera y me dijo que pusiera las traducciones que hiciera ac? para que lo revisaran, bueno no se como funciona bien esta lista pero ah? les mando la traducci?n para que la revisen y me den sus opiniones y despu?s me digan como hago para ponerla

Ah. I understand now. I was considering roughly the same, but wasn't sure whether that or rich rules was preferable. -- Kimee On Sat, 2019-04-27 at 01:39 +0200, Thibaut Perrin wrote: > No, I think the rules you created might have a better place in a > custom xml file instead of being given to firewall cmd directly :) > > On Fri, 26 Apr 2019 at 23:01, Kimberlee Integer Model

I'm having a problem when using heatmap. Even though the diagonal of my matrix is all the same value, the diagonal of my heatmap is not all the same color. Any suggestions? Here is some reproducible code: ######################################### # Get data nba <- read.csv("http://datasets.flowingdata.com/ppg2008.csv", sep=",") # Reorder nba <-

Hello All, I am running the following code in RStudio, and I keep on getting an error message that says: "Error in plot.new() : figure margins too large" Is there something that I am doing wrong? # Import Data nba <- read.csv("http://datasets.flowingdata.com/ppg2008.csv", sep=",") nba #Sort Data (sorting by Points, but could be sorting by any other variable)

On Tue, November 28, 2017 9:21 am, Lamar Owen wrote: > On 11/27/2017 02:02 PM, m.roth at 5-cent.us wrote: >> Pete Biggs wrote: >>> - don't run ssh on 22, use a different port. >> I consider that pointless security-through-obscurity. > Security through obscurity it may be, but it isn't pointless. Tarpits are in a similar class; they don't help with security