We need something automated to fight this. Something that will detect any brute force attempt and make a firewall rule to keep them outside. Now enter BFD (Brute Force Detection).
This page is your friend.
Become root and type :
wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz
tar -xvzf bfd-current.tar.gz
cd bfd*
./install.sh
Now edit the configuration file /usr/local/bfd/conf.bfd. Change the text
ALERT_USR="0"
to
ALERT_USR="1"
And
EMAIL_USR="root"
to
EMAIL_USR="you@yoursite.com"
(this is your email, of course). And start bfd with:
/usr/local/sbin/bfd -s
Yep, it's done ;-) But be warned: bfd works together with apf, so be sure to have it up and running (read the previous post to learn how).
Just one more thing before closing up. After a few days and a few attacks, when you are fine with your bfd setup, it might be wise to ditch maybe 90% of the attacks by changing the default SSH port (22).
You need to do this :
- edit the file /etc/ssh/sshd_config
- find the line
#Port 22
and change it to
Port 333
(replace 333 with your preference)
- find the line
#Protocol 2, 1
and replace it with
Protocol 2
- DON'T FORGET THE FIREWALL !!
Add the new ssh port to your firewall settings (/etc/apf/conf.apf) or you will lock yourself out of your own server.
- restart ssh
service sshd restart
Done.
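A pre-restart check for the lockout warning above, as an added example (not part of the original post): it reads the Port from sshd_config and confirms that port is listed in IG_TCP_CPORTS, APF's inbound TCP port list in conf.apf. The function names are made up for this example, and it assumes a single Port line in sshd_config.

```shell
#!/bin/sh
# Added example: refuse to go on if the new SSH port is not open in APF.
# Usage: sh check_ssh_port.sh /etc/ssh/sshd_config /etc/apf/conf.apf

# Print the configured SSH port; commented lines ("#Port 22") are ignored
# and sshd's default of 22 is used when no Port line is set.
sshd_port() {
    p=$(awk 'tolower($1) == "port" { print $2; exit }' "$1")
    echo "${p:-22}"
}

# Print the entries of IG_TCP_CPORTS, one per line. conf.apf is a shell
# file, so the last assignment in it is the one that takes effect.
apf_tcp_ports() {
    sed -n 's/^[[:space:]]*IG_TCP_CPORTS="\([^"]*\)".*/\1/p' "$1" |
        tail -n 1 | tr ',' '\n'
}

# Return 0 if port $1 is allowed by conf.apf $2, 1 otherwise.
# APF writes port ranges with an underscore, e.g. 6000_7000.
port_allowed() {
    for entry in $(apf_tcp_ports "$2"); do
        case "$entry" in
            *_*) lo=${entry%_*}; hi=${entry#*_}
                 [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ] && return 0 ;;
            *)   [ "$1" -eq "$entry" ] && return 0 ;;
        esac
    done
    return 1
}

# Compare the two files and say whether restarting sshd is safe.
check_ssh_port() {
    port=$(sshd_port "$1")
    if port_allowed "$port" "$2"; then
        echo "OK: port $port is open in APF"
    else
        echo "STOP: port $port is not in IG_TCP_CPORTS, fix conf.apf first" >&2
        return 1
    fi
}

# Run the check only when both file paths are given on the command line.
if [ "$#" -eq 2 ]; then
    check_ssh_port "$1" "$2"
fi
```

Run it after editing both files and before "service sshd restart"; a non-zero exit status means the firewall would block the new port.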